CVE-2026-27603 Chartbrew — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.7 (HIGH)
Fixed In	4.8.4
Type	CWE-306 (Missing Authentication for Critical Function (Отсутствие аутентификации))
Vendor	Chartbrew
Public PoC	No

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verifyToken and checkPermissions middleware, allowing unauthenticated users to access chart data from any team/project. This issue has been patched in version 4.8.4.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

None

Нет модификации данных

Availability

None

Нет нарушения работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-306 Missing Authentication for Critical Function (Отсутствие аутентификации)

References 2

https://github.com/chartbrew/chartbrew/releases/tag/v4.8.4

security-advisories@github.com

https://github.com/chartbrew/chartbrew/security/advisories/GHSA-9fhr-5vvc-p455

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-27605

Chartbrew

6.3

CVE-2026-25888

Chartbrew

8.8

CVE-2026-25877

Chartbrew

6.5

Menu

CVE-2026-27603

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-27605

CVE-2026-25888

CVE-2026-25877

CVE Details

Editor's Choice