CVE-2026-40904
Chartbrew CVE-2026-40904 affects Chartbrew 4.9.0, where dataset and dataRequest endpoints incorrectly authorize at the team level rather than binding the requested dataset_id, dataRequest_id, and connection_id to the caller’s allowed projects. This enables a user with access to one project inside...