CVE-2026-25877 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the appli…
Medium CVSS: 6.5

CVE-2026-25877

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling chart-related operations (update, delete, etc.). No authorization check is performed against the chart_id itself. This allows an authenticated user who has access to any project to manipulate or access charts belonging to other users/ project. This issue has been patched in version 4.8.1.
Vendor
Depomo
Product
Chartbrew
CWE
CWE-284
Yayın Tarihi
2026-03-06 05:16:28
Güncelleme
2026-03-10 14:09:25
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-284 Chartbrew MEDIUM Depomo 2026

Referanslar

https://github.com/chartbrew/chartbrew/releases/tag/v4.8.1 https://github.com/chartbrew/chartbrew/security/advisories/GHSA-9fcr-x8x8-mrxc