CVE-2026-25888 Chartbrew — Exploit & Vulnerability Details HIGH

CVE-2026-25888

HIGH CVSS 3.1: 8.8 EPSS 0.37%

Parameter	Value
CVSS	8.8 (HIGH)
Fixed In	4.8.1
Type	CWE-94 (Code Injection)
Vendor	Chartbrew
Public PoC	No

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-94 Code Injection

References 2

https://github.com/chartbrew/chartbrew/releases/tag/v4.8.1

security-advisories@github.com

https://github.com/chartbrew/chartbrew/security/advisories/GHSA-875w-45c2-gxq8

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32252

Chartbrew

7.7

CVE-2026-30232

Chartbrew

7.8

CVE-2026-27605

Chartbrew

6.3

CVE-2026-27603

Chartbrew

8.7

CVE-2026-25877

Chartbrew

6.5

Menu

CVE-2026-25888

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-32252

CVE-2026-30232

CVE-2026-27605

CVE-2026-27603

CVE-2026-25877

CVE Details

Editor's Choice

Menu

CVE-2026-25888

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-32252

CVE-2026-30232

CVE-2026-27605

CVE-2026-27603

CVE-2026-25877

CVE Details

Editor's Choice

Stay informed on cybersecurity