CVE-2026-25887 MongoDB — Exploit & Vulnerability Details HIGH

CVE-2026-25887

HIGH CVSS 3.1: 7.2 EPSS 0.19%

Parameter	Value
CVSS	7.2 (HIGH)
Fixed In	4.8.1
Type	CWE-94 (Code Injection)
Vendor	MongoDB
Public PoC	No

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-94 Code Injection

References 2

https://github.com/chartbrew/chartbrew/releases/tag/v4.8.1

security-advisories@github.com

https://github.com/chartbrew/chartbrew/security/advisories/GHSA-x4r6-prmw-7wvw

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-39857

MongoDB

5.3

CVE-2026-33888

MongoDB

5.3

CVE-2026-33877

MongoDB

3.7

CVE-2026-6231

MongoDB

5.3

CVE-2026-5170

MongoDB

6.0

Menu

CVE-2026-25887

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-39857

CVE-2026-33888

CVE-2026-33877

CVE-2026-6231

CVE-2026-5170

CVE Details

Editor's Choice

Menu

CVE-2026-25887

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-39857

CVE-2026-33888

CVE-2026-33877

CVE-2026-6231

CVE-2026-5170

CVE Details

Editor's Choice

Stay informed on cybersecurity