CVE-2026-25877 in Chartbrewinformação

Sumário

de MITRE • 06/03/2026

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling chart-related operations (update, delete, etc.). No authorization check is performed against the chart_id itself. This allows an authenticated user who has access to any project to manipulate or access charts belonging to other users/ project. This issue has been patched in version 4.8.1.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

GitHub M

Reservar

06/02/2026

Divulgação

06/03/2026

Moderação

aceite

Entrada

VDB-349263

CPE

pronto

CWE

CWE-284 (confirmado)

CVSS

6.5 (CNA)

EPSS

0.00042

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-25877
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-25877
CVE Details	https://www.cvedetails.com/cve/CVE-2026-25877/

◂ Voltar Visão Geral Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!