This vulnerability (CVE-2026-49377) affects JetBrains TeamCity versions prior to 2025.11.2. It allows sensitive data to be exposed via default agent parameters, which may include environment variables or configuration settings that are not properly protected. The weakness is classified as CWE-526, indicating exposure of information through default or environmental parameters. The CVSS 3.1 base score is 4.3, reflecting a network attack vector with low complexity, requiring low privileges and no user interaction, resulting in limited confidentiality impact only. No official remediation or patch information is currently available, and the product is not a cloud service, so remediation depends on vendor updates.

The vulnerability can lead to unauthorized disclosure of sensitive information from the TeamCity agent parameters. This exposure affects confidentiality but does not impact integrity or availability. There are no known active exploits in the wild, reducing immediate risk. However, sensitive data leakage could aid attackers in further reconnaissance or targeted attacks if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor JetBrains advisories for updates. Until a patch is available, review and restrict access to sensitive agent parameters where possible and avoid exposing sensitive data in default configurations.