Skip to main content

Chartbrew

14 CVEs product

Monthly

CVE-2026-40603 MEDIUM This Month

Chartbrew 4.9.0 fails to properly enforce project-level access controls on a legacy dashboard route, allowing any authenticated team member to read another team member's project report data and extract stored report passwords. The vulnerability affects users without explicit project access but with team membership, who can leverage the unprotected endpoint to view sensitive dashboard configurations and credentials. Patched in version 5.0.0.

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40601 HIGH This Week

Unauthenticated remote attackers can access and refresh private chart data in Chartbrew 4.9.0 via an exposed API endpoint. The POST /api/chart/:chart_id/query endpoint lacks authentication checks and fails to validate whether charts belong to public reports or if sharing policies permit access. Attackers possessing a chart identifier can retrieve sensitive data from private dashboards without credentials. EPSS data not available. Not listed in CISA KEV. Vendor-confirmed vulnerability with patch released in version 5.0.0.

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-40600 HIGH This Week

Authenticated users in Chartbrew 4.9.0 can modify or delete dashboard sharing policies across projects they don't own due to insufficient authorization checks. An attacker with legitimate access to one project can manipulate SharePolicy records (visibility settings, passwords, allowed parameters, expiration dates) for dashboards in any other project within the same Chartbrew instance. While CVSS rates this 8.1 HIGH, real-world risk depends heavily on multi-tenancy deployment: single-organization instances face lower insider threat exposure than multi-tenant SaaS scenarios. EPSS data not available. No public exploit identified at time of analysis, though exploitation requires only basic authenticated API access.

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-40595 HIGH This Week

Chartbrew 4.9.0 allows unauthenticated attackers to access hidden chart data via authentication bypass in public chart export routes. Attackers who know a chart identifier in any public project can read or export charts that were intentionally excluded from public reports, bypassing SharePolicy access controls. The vulnerability requires only network access and a valid chart ID, with no authentication or user interaction needed. Patched in version 5.0.0 per vendor advisory GHSA-mq7q-6xh6-5649. No public exploit identified at time of analysis, though exploitation complexity is low (CVSS AC:L).

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35514 MEDIUM This Month

Unauthenticated account creation in Chartbrew 4.9.0 allows any remote attacker to bypass signup restrictions and create a fully active account with valid JWT via the unprotected POST /user/invited endpoint, circumventing the signupRestricted configuration that normally blocks new registrations. An attacker receives a functional JWT token immediately without email verification, granting full authenticated access even when the instance restricts signups to invited users only. The vulnerability was patched in version 5.0.0.

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-40904 HIGH This Week

Horizontal privilege escalation in Chartbrew 4.9.0 allows authenticated low-privilege team members to access datasets, data requests, and database connections belonging to other projects within the same team. Attackers with credentials to any single project can read, modify, create, and delete data assets across all sibling projects by exploiting missing project-level authorization checks on multiple API endpoints. This enables cross-project data exfiltration and unauthorized execution of victim database queries remotely with low complexity (EPSS not provided, no CISA KEV listing, vendor-patched in v5.0.0).

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32252 HIGH PATCH This Week

Cross-tenant authorization bypass in Chartbrew versions prior to 4.9.0 allows authenticated attackers to exfiltrate sensitive project data from other tenants. The vulnerability exists in the template generation endpoint (GET /team/:team_id/template/generate/:project_id), where unawaited promise execution and missing tenant validation enable attackers with valid template-generation permissions in their own team to access chart configurations, database connection details, and query structures from victim teams' projects. No public exploit identified at time of analysis. CVSS 7.7 reflects high confidentiality impact with scope change due to cross-tenant boundary violation.

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-30232 HIGH PATCH This Week

Server-Side Request Forgery in Chartbrew versions prior to 4.8.5 allows authenticated users to create API data connections with arbitrary URLs, enabling attacks against internal networks and cloud metadata endpoints. The vulnerability stems from unvalidated URL fetching via request-promise library, permitting attackers to probe internal infrastructure, access cloud instance metadata (AWS, Azure, GCP), and potentially retrieve sensitive credentials or configuration data. No public exploit identified at time of analysis. CVSS 7.8 with network attack vector and no authentication requirement in subsequent chain exploitation.

SSRF Chartbrew
NVD GitHub
CVSS 4.0
7.8
EPSS
0.0%
CVE-2026-27605 MEDIUM POC This Month

Chartbrew versions prior to 4.8.4 allow authenticated users to upload arbitrary files by bypassing file type validation, enabling stored XSS attacks through malicious HTML files served from the uploads directory. An attacker can exploit this to steal authentication tokens stored in localStorage and achieve account takeover. Public exploit code exists for this vulnerability, and no patch is currently available.

XSS Chartbrew
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-27603 HIGH POC This Week

Chartbrew versions up to 4.8.4 is affected by missing authentication for critical function (CVSS 7.5).

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27005 CRITICAL POC Act Now

SQL injection in Chartbrew before 4.8.3. PoC available.

MySQL PostgreSQL Chartbrew
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-25888 HIGH POC This Week

Remote code execution in Chartbrew prior to version 4.8.1 allows authenticated attackers to execute arbitrary code through a vulnerable API endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers with valid credentials can achieve full system compromise including data exfiltration and integrity violations.

RCE Chartbrew
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-25887 HIGH POC This Week

Remote code execution in Chartbrew versions prior to 4.8.1 allows authenticated attackers with high privileges to execute arbitrary code through malicious MongoDB dataset queries. The vulnerability affects users connecting Chartbrew to MongoDB databases for chart creation and has active public exploit code available. No patch is currently available for affected versions.

MongoDB RCE Chartbrew
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-25877 MEDIUM POC This Month

Chartbrew versions before 4.8.1 fail to validate chart ownership during modification operations, allowing authenticated users to read, modify, or delete charts from other projects they shouldn't access. An attacker with valid credentials to any project can exploit this authorization bypass to manipulate arbitrary charts across the application. Public exploit code exists for this vulnerability, and no patch is currently available.

Authentication Bypass Chartbrew
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Chartbrew 4.9.0 fails to properly enforce project-level access controls on a legacy dashboard route, allowing any authenticated team member to read another team member's project report data and extract stored report passwords. The vulnerability affects users without explicit project access but with team membership, who can leverage the unprotected endpoint to view sensitive dashboard configurations and credentials. Patched in version 5.0.0.

Authentication Bypass Chartbrew
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated remote attackers can access and refresh private chart data in Chartbrew 4.9.0 via an exposed API endpoint. The POST /api/chart/:chart_id/query endpoint lacks authentication checks and fails to validate whether charts belong to public reports or if sharing policies permit access. Attackers possessing a chart identifier can retrieve sensitive data from private dashboards without credentials. EPSS data not available. Not listed in CISA KEV. Vendor-confirmed vulnerability with patch released in version 5.0.0.

Authentication Bypass Chartbrew
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Authenticated users in Chartbrew 4.9.0 can modify or delete dashboard sharing policies across projects they don't own due to insufficient authorization checks. An attacker with legitimate access to one project can manipulate SharePolicy records (visibility settings, passwords, allowed parameters, expiration dates) for dashboards in any other project within the same Chartbrew instance. While CVSS rates this 8.1 HIGH, real-world risk depends heavily on multi-tenancy deployment: single-organization instances face lower insider threat exposure than multi-tenant SaaS scenarios. EPSS data not available. No public exploit identified at time of analysis, though exploitation requires only basic authenticated API access.

Authentication Bypass Chartbrew
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Chartbrew 4.9.0 allows unauthenticated attackers to access hidden chart data via authentication bypass in public chart export routes. Attackers who know a chart identifier in any public project can read or export charts that were intentionally excluded from public reports, bypassing SharePolicy access controls. The vulnerability requires only network access and a valid chart ID, with no authentication or user interaction needed. Patched in version 5.0.0 per vendor advisory GHSA-mq7q-6xh6-5649. No public exploit identified at time of analysis, though exploitation complexity is low (CVSS AC:L).

Authentication Bypass Chartbrew
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated account creation in Chartbrew 4.9.0 allows any remote attacker to bypass signup restrictions and create a fully active account with valid JWT via the unprotected POST /user/invited endpoint, circumventing the signupRestricted configuration that normally blocks new registrations. An attacker receives a functional JWT token immediately without email verification, granting full authenticated access even when the instance restricts signups to invited users only. The vulnerability was patched in version 5.0.0.

Authentication Bypass Chartbrew
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Horizontal privilege escalation in Chartbrew 4.9.0 allows authenticated low-privilege team members to access datasets, data requests, and database connections belonging to other projects within the same team. Attackers with credentials to any single project can read, modify, create, and delete data assets across all sibling projects by exploiting missing project-level authorization checks on multiple API endpoints. This enables cross-project data exfiltration and unauthorized execution of victim database queries remotely with low complexity (EPSS not provided, no CISA KEV listing, vendor-patched in v5.0.0).

Authentication Bypass Chartbrew
NVD GitHub
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Cross-tenant authorization bypass in Chartbrew versions prior to 4.9.0 allows authenticated attackers to exfiltrate sensitive project data from other tenants. The vulnerability exists in the template generation endpoint (GET /team/:team_id/template/generate/:project_id), where unawaited promise execution and missing tenant validation enable attackers with valid template-generation permissions in their own team to access chart configurations, database connection details, and query structures from victim teams' projects. No public exploit identified at time of analysis. CVSS 7.7 reflects high confidentiality impact with scope change due to cross-tenant boundary violation.

Authentication Bypass Chartbrew
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Server-Side Request Forgery in Chartbrew versions prior to 4.8.5 allows authenticated users to create API data connections with arbitrary URLs, enabling attacks against internal networks and cloud metadata endpoints. The vulnerability stems from unvalidated URL fetching via request-promise library, permitting attackers to probe internal infrastructure, access cloud instance metadata (AWS, Azure, GCP), and potentially retrieve sensitive credentials or configuration data. No public exploit identified at time of analysis. CVSS 7.8 with network attack vector and no authentication requirement in subsequent chain exploitation.

SSRF Chartbrew
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Chartbrew versions prior to 4.8.4 allow authenticated users to upload arbitrary files by bypassing file type validation, enabling stored XSS attacks through malicious HTML files served from the uploads directory. An attacker can exploit this to steal authentication tokens stored in localStorage and achieve account takeover. Public exploit code exists for this vulnerability, and no patch is currently available.

XSS Chartbrew
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Chartbrew versions up to 4.8.4 is affected by missing authentication for critical function (CVSS 7.5).

Authentication Bypass Chartbrew
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection in Chartbrew before 4.8.3. PoC available.

MySQL PostgreSQL Chartbrew
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in Chartbrew prior to version 4.8.1 allows authenticated attackers to execute arbitrary code through a vulnerable API endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers with valid credentials can achieve full system compromise including data exfiltration and integrity violations.

RCE Chartbrew
NVD GitHub
EPSS 0% CVSS 7.2
HIGH POC This Week

Remote code execution in Chartbrew versions prior to 4.8.1 allows authenticated attackers with high privileges to execute arbitrary code through malicious MongoDB dataset queries. The vulnerability affects users connecting Chartbrew to MongoDB databases for chart creation and has active public exploit code available. No patch is currently available for affected versions.

MongoDB RCE Chartbrew
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Chartbrew versions before 4.8.1 fail to validate chart ownership during modification operations, allowing authenticated users to read, modify, or delete charts from other projects they shouldn't access. An attacker with valid credentials to any project can exploit this authorization bypass to manipulate arbitrary charts across the application. Public exploit code exists for this vulnerability, and no patch is currently available.

Authentication Bypass Chartbrew
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy