Skip to main content

Chartbrew CVE-2026-30232

| EUVDEUVD-2026-21551 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-10 GitHub_M
7.8
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.8 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 05:58 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
4.8.5
EUVD ID Assigned
Apr 10, 2026 - 20:15 euvd
EUVD-2026-21551
Analysis Generated
Apr 10, 2026 - 20:15 vuln.today
CVE Published
Apr 10, 2026 - 19:15 nvd
HIGH 7.8

DescriptionGitHub Advisory

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5.

AnalysisAI

Server-Side Request Forgery in Chartbrew versions prior to 4.8.5 allows authenticated users to create API data connections with arbitrary URLs, enabling attacks against internal networks and cloud metadata endpoints. The vulnerability stems from unvalidated URL fetching via request-promise library, permitting attackers to probe internal infrastructure, access cloud instance metadata (AWS, Azure, GCP), and potentially retrieve sensitive credentials or configuration data. No public exploit identified at time of analysis. CVSS 7.8 with network attack vector and no authentication requirement in subsequent chain exploitation.

Technical ContextAI

Root cause is absence of IP address validation in request-promise HTTP client when processing user-supplied API connection URLs. CWE-918 SSRF enables bypass of network segmentation controls. Authenticated context (PR:N in vector appears inconsistent with description requiring authentication) allows crafted requests to internal RFC1918 addresses and cloud metadata services (169.254.169.254).

RemediationAI

Vendor-released patch: version 4.8.5. Immediate upgrade to Chartbrew 4.8.5 is required, which implements IP address validation and request filtering to prevent SSRF attacks. Organizations unable to upgrade immediately should restrict API data connection creation privileges to trusted administrators only and implement network egress filtering to block access to internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and cloud metadata endpoints (169.254.169.254/32) from Chartbrew server instances. Review existing API connections for suspicious internal URLs. Vendor security advisory: https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv. Patch commit reference: https://github.com/chartbrew/chartbrew/commit/9c4a7e2b02acb25f0782bd4ac1f16407d59c2df1.

CVE-2026-27005 CRITICAL POC
9.8 Mar 06

SQL injection in Chartbrew before 4.8.3. PoC available.

CVE-2026-25888 HIGH POC
8.8 Mar 06

Remote code execution in Chartbrew prior to version 4.8.1 allows authenticated attackers to execute arbitrary code throu

CVE-2026-27603 HIGH POC
7.5 Mar 06

Chartbrew versions up to 4.8.4 is affected by missing authentication for critical function (CVSS 7.5).

CVE-2026-25887 HIGH POC
7.2 Mar 06

Remote code execution in Chartbrew versions prior to 4.8.1 allows authenticated attackers with high privileges to execut

CVE-2026-25877 MEDIUM POC
6.5 Mar 06

Chartbrew versions before 4.8.1 fail to validate chart ownership during modification operations, allowing authenticated

CVE-2026-27605 MEDIUM POC
6.3 Mar 06

Chartbrew versions prior to 4.8.4 allow authenticated users to upload arbitrary files by bypassing file type validation,

CVE-2026-40600 HIGH
8.1 Apr 30

Authenticated users in Chartbrew 4.9.0 can modify or delete dashboard sharing policies across projects they don't own du

CVE-2026-40904 HIGH
8.1 Apr 30

Horizontal privilege escalation in Chartbrew 4.9.0 allows authenticated low-privilege team members to access datasets, d

CVE-2026-32252 HIGH
7.7 Apr 10

Cross-tenant authorization bypass in Chartbrew versions prior to 4.9.0 allows authenticated attackers to exfiltrate sens

CVE-2026-40601 HIGH
7.5 Apr 30

Unauthenticated remote attackers can access and refresh private chart data in Chartbrew 4.9.0 via an exposed API endpoin

CVE-2026-40595 HIGH
7.5 Apr 30

Chartbrew 4.9.0 allows unauthenticated attackers to access hidden chart data via authentication bypass in public chart e

CVE-2026-35514 MEDIUM
6.5 Apr 30

Unauthenticated account creation in Chartbrew 4.9.0 allows any remote attacker to bypass signup restrictions and create

Share

CVE-2026-30232 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy