anonhaven
Ad

CVE-2026-25888

HIGH CVSS 3.1: 8.8 EPSS 0.23%
Updated Mar 06, 2026
Chartbrew
Parameter Value
CVSS 8.8 (HIGH)
Fixed In 4.8.1
Type CWE-94 (Code Injection (Внедрение кода))
Vendor Chartbrew
Public PoC No

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
High
Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-94 Code Injection (Внедрение кода)

References 2

https://github.com/chartbrew/chartbrew/releases/tag/v4.8.1
security-advisories@github.com
https://github.com/chartbrew/chartbrew/security/advisories/GHSA-875w-45c2-gxq8
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-27605

Chartbrew

6.3

CVE-2026-27603

Chartbrew

8.7

CVE-2026-25877

Chartbrew

6.5