CVE-2026-27005

UNKNOWN 0.0

Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables)

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows reading, modifying, or deleting data in those databases depending on the database user's privileges. This issue has been patched in version 4.8.3.

CWE	CWE-89
Vendor	chartbrew
Product	chartbrew
Published	Mar 6, 2026
Last Updated	Mar 6, 2026

Stay Ahead of the Next One

Get instant alerts for chartbrew chartbrew

Be the first to know when new unknown vulnerabilities affecting chartbrew chartbrew are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

chartbrew / chartbrew

< 4.8.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/chartbrew/chartbrew/security/advisories/GHSA-w5rh-v333-qq6c github.com: https://github.com/chartbrew/chartbrew/releases/tag/v4.8.3