CVE-2026-30232

UNKNOWN 0.0

Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

9th

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5.

CWE	CWE-918
Vendor	chartbrew
Product	chartbrew
Published	Apr 10, 2026
Last Updated	Apr 15, 2026

Stay Ahead of the Next One

Get instant alerts for chartbrew chartbrew

Be the first to know when new unknown vulnerabilities affecting chartbrew chartbrew are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

chartbrew / chartbrew

< 4.8.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv github.com: https://github.com/chartbrew/chartbrew/commit/9c4a7e2b02acb25f0782bd4ac1f16407d59c2df1