CVE-2026-27603
Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verifyToken and checkPermissions middleware, allowing unauthenticated users to access chart data from any team/project. This issue has been patched in version 4.8.4.
| CWE | CWE-306 |
| Vendor | chartbrew |
| Product | chartbrew |
| Published | Mar 6, 2026 |
| Last Updated | Mar 6, 2026 |
Affected Versions
chartbrew / chartbrew
< 4.8.4