Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible with no authentication (PR:N); share metadata is publicly readable, enabling field ID enumeration; only limited confidentiality impact on hidden field values (C:L) with no integrity or availability consequence.
Primary rating from Vendor (vulncheck).
CVSS VectorVendor: vulncheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.
AnalysisAI
Hidden field data disclosure in Teable before 2026-06-15T04-43-24Z.1912 allows unauthenticated remote attackers to bypass share view field visibility restrictions by supplying arbitrary field IDs in the API projection parameter. The share view records endpoint fails to enforce server-side field visibility policy, permitting any caller with access to a public share URL to read field values the table owner explicitly marked as hidden. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target Teable instance has at least one share view enabled and publicly accessible - share views are an opt-in feature, not enabled by default on tables. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.9 (Medium) is a reasonable representation of real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker visits a publicly shared Teable view URL and retrieves the unauthenticated share metadata, which includes the field IDs of all fields on the table - including those configured as hidden by the table owner. The attacker constructs a direct API request to the share view records endpoint, appending the hidden field IDs to the `projection` parameter, and receives the restricted field values in the JSON response alongside the normally visible data. … |
| Remediation | Upgrade Teable to release 2026-06-15T04-43-24Z.1912 or later, available at https://github.com/teableio/teable/releases/tag/release.2026-06-15T04-43-24Z.1912. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40157
GHSA-49fm-7w64-4wqc