5 matches found
CVE-2026-44719
Mathesar (Web app for PostgreSQL) fixed a privilege check vulnerability in versions 0.2.0–0.09.x. Endpoints such as collaborators.list, tables.metadata.list, explorations.list, and forms.list accepted a database_id without verifying that the requester was a collaborator, allowing an authenticated...
EUVD-2026-30589
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
CVE-2026-44718 Mathesar: Missing collaborator checks allowed access to saved explorations in other databases
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...
CVE-2026-44718
Mathesar prior to 0.10.0 contains an access control flaw: from 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user is a collaborator on the exploration’s database. An authenticated user on ...
CVE-2026-44718 Mathesar: Missing collaborator checks allowed access to saved explorations in other databases
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an explorationid without verifying that the requesting user was a collaborator on the...