This vulnerability in JetBrains TeamCity's SAML plugin involves insufficient validation of usernames, classified as CWE-863 (Incorrect Authorization). It affects versions before 2026.1 and has a CVSS 3.1 base score of 6.5, indicating a medium severity level. The issue could lead to unauthorized information disclosure or modification due to improper access control during SAML authentication. No patch or official remediation level has been published by JetBrains as of the vulnerability's disclosure date.

The vulnerability allows potential unauthorized access or information disclosure through improper username validation in the SAML plugin. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and impacts confidentiality and integrity but not availability. There are no known exploits in the wild, so the immediate risk appears limited but could increase if exploitation techniques emerge.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround has been published by JetBrains, users should monitor JetBrains' security advisories and plan to update to version 2026.1 or later once available. Until then, consider restricting access to the TeamCity SAML plugin or implementing compensating controls if feasible.