CVE-2026-40595— Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40595
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Chartbrew: Incorrect Access Control in public chart and export routes via missing onReport and SharePolicy checks
Source: NVD (National Vulnerability Database)
Vulnerability Description
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. The routes do not verify whether the target chart is actually allowed on the public report or whether the governing SharePolicy permits public access. An unauthenticated attacker who knows a chart identifier in a public project can read or export chart data for charts that were intentionally hidden from the report. This issue has been patched in version 5.0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-40595
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40595
Please Login to view more intelligence information
- Release v5.0.0 · chartbrew/chartbrew · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-40595
Same Patch Batch · chartbrew · 2026-04-30 · 6 CVEs total
| CVE-2026-40600 | 8.1 HIGH | Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id |
| CVE-2026-40904 | 8.1 HIGH | Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped perm |
| CVE-2026-40601 | 7.5 HIGH | Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh togg |
| CVE-2026-35514 | 6.5 MEDIUM | Unauthenticated Account Registration via /user/invited Bypasses All Signup Restrictions in |
| CVE-2026-40603 | 6.5 MEDIUM | Chartbrew: Incorrect Access Control in /api/project/dashboard/:brewName via same-team over |
IV. Related Vulnerabilities
Same product: chartbrew
- CVE-2026-40603
Chartbrew: Incorrect Access Control in /api/project/dashboar - CVE-2026-40601
Chartbrew: Missing Authorization in /api/chart/:chart_id/que - CVE-2026-40600
Chartbrew: Incorrect Access Control in project share policy - CVE-2026-35514
Unauthenticated Account Registration via /user/invited Bypas - CVE-2026-40904
Chartbrew: Incorrect Access Control in dataset and dataReque
Same vendor: chartbrew
- CVE-2026-40603
Chartbrew: Incorrect Access Control in /api/project/dashboar - CVE-2026-40601
Chartbrew: Missing Authorization in /api/chart/:chart_id/que - CVE-2026-40600
Chartbrew: Incorrect Access Control in project share policy - CVE-2026-35514
Unauthenticated Account Registration via /user/invited Bypas - CVE-2026-40904
Chartbrew: Incorrect Access Control in dataset and dataReque
Same weakness: CWE-284
- CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets - CVE-2026-41646
Nuclei: Local File Read via require() Module Loader Bypass - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
V. Comments for CVE-2026-40595
No comments yet