CVE-2026-27603

Published March 6th, 2026

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verifyToken and checkPermissions middleware, allowing unauthenticated users to access chart data from any team/project. This issue has been patched in version 4.8.4.

chartbrew/chartbrew

Open-source reporting platform to build and share live dashboards from APIs, SQL and NoSQL databases, with powerful AI assistant, scheduling, and embeddable charts 📈📊

GitHub

3.95K