Skip to main content

Chat2db

1 CVEs product

Monthly

CVE-2026-63307 HIGH PATCH This Week

Insecure direct object reference in Chat2DB before 5.3.0 lets any authenticated non-admin user read the decrypted database credentials of datasources belonging to other users by enumerating IDs against GET /api/connection/datasource/{id}. Because the handler returns the plaintext password field and omits an ownership check, a single low-privileged account can harvest every other tenant's stored connection secrets. No public exploit has been identified at time of analysis, but exploitation is trivial and the EPSS/KEV signals were not supplied in the input.

Authentication Bypass Chat2db
NVD GitHub
CVSS 4.0
7.1
CVSS 7.1
HIGH PATCH This Week

Insecure direct object reference in Chat2DB before 5.3.0 lets any authenticated non-admin user read the decrypted database credentials of datasources belonging to other users by enumerating IDs against GET /api/connection/datasource/{id}. Because the handler returns the plaintext password field and omits an ownership check, a single low-privileged account can harvest every other tenant's stored connection secrets. No public exploit has been identified at time of analysis, but exploitation is trivial and the EPSS/KEV signals were not supplied in the input.

Authentication Bypass Chat2db
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy