CVE
CVE-2026-27603
Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:projectid/chart/:chartid/filter is missing both verifyToken and checkPermissions middleware, allowing unauthenticated users to access chart data from any team/project. This issue has been patched in version 4.8.4.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
8.7
-
4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
C
H
U
-
Related Resources
No items found.
References
https://github.com/chartbrew/chartbrew/releases/tag/v4.8.4, https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27603.json, https://github.com/chartbrew/chartbrew/security/advisories/GHSA-9fhr-5vvc-p455, https://nvd.nist.gov/vuln/detail/CVE-2026-27603
Basic Information
Ecosystem
