CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/30 6:20 p.m.•2 views

CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks

8.1CVSS5.3AI score0.00235EPSS

Exploits0References2

EUVD•added 2026/04/30 6:20 p.m.•3 views

EUVD-2026-26411

8.1CVSS5.3AI score0.00235EPSS

Exploits0References2

CNNVD•added 2026/04/30 12:0 a.m.•6 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a security vulnerability related to access control. This vulnerability arises from the endpoint POST /user/invited, which does not validate any invitation tokens,...

6.5CVSS5.8AI score0.00243EPSS

CNNVD•added 2026/04/30 12:0 a.m.•5 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that multiple dataset and data request endpoints are authorized only to project members wi...

8.1CVSS5.8AI score0.00235EPSS

Positive Technologies•added 2026/04/30 12:0 a.m.•2 views

PT-2026-36163

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

6.5CVSS5.4AI score0.00241EPSS

Positive Technologies•added 2026/04/30 12:0 a.m.•4 views

PT-2026-36164

8.1CVSS5.4AI score0.00235EPSS

Positive Technologies•added 2026/04/30 12:0 a.m.•4 views

PT-2026-36160

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. Th...

7.5CVSS5.3AI score0.00275EPSS

CNNVD•added 2026/04/30 12:0 a.m.•6 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from a legacy dashboard routing mechanism that bypasses project-level authorization, returning original...

6.5CVSS5.8AI score0.00241EPSS

Positive Technologies•added 2026/04/30 12:0 a.m.•5 views

PT-2026-36159

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited does not validate any invite token, authentication header, or session. Any unauthenticated attacker can call this endpoi...

6.5CVSS5.4AI score0.00243EPSS

Positive Technologies•added 2026/04/30 12:0 a.m.•1 views

PT-2026-36161

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...

8.1CVSS5.3AI score0.00232EPSS

CNNVD•added 2026/04/30 12:0 a.m.•8 views

chartbrew 安全漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a security vulnerability. This vulnerability stems from the lack of authentication for the POST /api/chart/:chartid/query endpoint. Only the team.allowReportRefre...

7.5CVSS5.8AI score0.00326EPSS

CNNVD•added 2026/04/30 12:0 a.m.•7 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that the routes for retrieving and exporting public charts only verify project-level publi...

7.5CVSS5.8AI score0.00275EPSS

RedhatCVE•added 2026/04/13 7:23 p.m.•1 views

CVE-2026-32252

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

NVD•added 2026/04/10 8:16 p.m.•0 views

Exploits1References1

CVE-2026-32252

7.7CVSS0.00285EPSS

Exploits1References2

NVD•added 2026/04/10 8:16 p.m.•2 views

CVE-2026-30232

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any I...

9.6CVSS0.00242EPSS

Exploits0References2

Cvelist•added 2026/04/10 7:17 p.m.•16 views

CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`

7.7CVSS0.00285EPSS

Exploits1References2

ATTACKERKB•added 2026/04/10 7:17 p.m.•0 views

CVE-2026-32252

Exploits1References3Affected Software1

Vulnrichment•added 2026/04/10 7:17 p.m.•4 views

CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`

CVE•added 2026/04/10 7:17 p.m.•7 views

Exploits1References2

CVE-2026-32252

CVE-2026-32252 – Chartbrew : A cross-tenant authorization bypass exists in GET /team/:team_id/template/generate/:project_id prior to 4.9.0. The handler calls checkAccess(req, "updateAny", "chart") without awaiting the promise and does not verify the project_id belongs to the caller’s team. As a r...