anonhaven
Ad

CVE-2026-4586

MEDIUM CVSS 4.0: 5.3 EPSS 0.04%
Updated Mar 23, 2026
Java
Parameter Value
CVSS 5.3 (MEDIUM)
Type CWE-284 (Improper Access Control), CWE-434 (Unrestricted File Upload)
Vendor Java
Public PoC No

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a manipulation results in unrestricted upload.

The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-284 Improper Access Control
CWE-434 Unrestricted File Upload

References 4

https://fx4tqqfvdw4.feishu.cn/docx/PgtzdpfoWoTR0yxB7P6cujGanih?from=from_copyli…
cna@vuldb.com
https://vuldb.com/?ctiid.352432
cna@vuldb.com
https://vuldb.com/?id.352432
cna@vuldb.com
https://vuldb.com/?submit.775596
cna@vuldb.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33207

Java

8.6

CVE-2026-5598

Java

10.0

CVE-2026-5588

Java

6.3

CVE-2026-3505

Java

8.7

CVE-2026-0636

Java

5.5