CVE-2026-32252

🗓️ 10 Apr 2026 19:17:53Reported by GitHub_MType

cve🔗 web.nvd.nist.gov👁 9 Views🌐 WEB

Chartbrew cross-tenant template export flaw allows access to another team's project data; fixed in version 4.9.0.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-32252	10 Apr 202619:17	–	attackerkb
Circl	CVE-2026-32252	10 Apr 202621:24	–	circl
CNNVD	chartbrew 授权问题漏洞	10 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`	10 Apr 202619:17	–	cvelist
EUVD	EUVD-2026-21553	10 Apr 202619:17	–	euvd
NVD	CVE-2026-32252	10 Apr 202620:16	–	nvd
Positive Technologies	PT-2026-32028	10 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-32252	13 Apr 202619:23	–	redhatcve
Vulnrichment	CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`	10 Apr 202619:17	–	vulnrichment

NVD

Vulners

Node

depomo chartbrewRange<4.9.0

[
  {
    "vendor": "chartbrew",
    "product": "chartbrew",
    "versions": [
      {
        "version": "< 4.9.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/chartbrew/chartbrew/commit/bf5919043d3587fcbe76123aaabd9a0a9d1033f1
github	www.github.com/chartbrew/chartbrew/security/advisories/GHSA-mw4f-cf22-qpcj

Parameter	Position	Path	Description	CWE
team_id	path	/team/:team_id/template/generate/:project_id	Cross-tenant authorization bypass allowing access to another team's project template data due to missing verification of ownership in GET /team/:team_id/template/generate/:project_id prior to 4.9.0.	CWE-285
project_id	path	/team/:team_id/template/generate/:project_id	Cross-tenant authorization bypass allowing access to another team's project template data due to missing verification of ownership in GET /team/:team_id/template/generate/:project_id prior to 4.9.0.	CWE-285

17 Jun 2026 10:35Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.7

EPSS0.00285

SSVC

CWE-285