6.5

Chartbrew: Users can access other users' charts without permission

CVE-2026-25877
Summary

Chartbrew versions before 4.8.1 check authorization for chart operations only against the project_id parameter, not against the chart_id. An authenticated user with access to any project could therefore view or modify charts that belong to other users or projects. To fix this, update to Chartbrew version 4.8.1 or later.

What to do

Update to Chartbrew version 4.8.1 or later, which patches this issue.

Affected software
Vendor | Product | Affected versions | Fix available
depomo | chartbrew | <= 4.8.1 | –
Original title
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks ...
Original description
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling chart-related operations (update, delete, etc.). No authorization check is performed against the chart_id itself. This allows an authenticated user who has access to any project to manipulate or access charts belonging to other users or projects. This issue has been patched in version 4.8.1.
NVD CVSS 3.1: 6.5
Vulnerability type
CWE-284 Improper Access Control
CWE-639 Authorization Bypass Through User-Controlled Key
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026
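
The authorization gap in the original description, shown as an added example that is not Chartbrew's own code: a handler that authorizes only the project_id beside one that also ties the chart_id to that project. The in-memory store, user names and function names are hypothetical and the data is constructed.

```javascript
// Constructed sample data: two projects, one chart each, and a user who is
// a member of project 1 only. All names here are hypothetical.
function makeStore() {
  return {
    memberships: { alice: [1] },
    charts: new Map([
      [10, { id: 10, project_id: 1, name: "Alice revenue" }],
      [20, { id: 20, project_id: 2, name: "Bob signups" }],
    ]),
  };
}

function canAccessProject(store, user, projectId) {
  return (store.memberships[user] || []).includes(projectId);
}

// Flawed pattern: the caller is authorized against the project_id from the
// request, then the chart is looked up by chart_id alone.
function updateChartProjectOnly(store, user, projectId, chartId, changes) {
  if (!canAccessProject(store, user, projectId)) return { status: 403 };
  const chart = store.charts.get(chartId);
  if (!chart) return { status: 404 };
  Object.assign(chart, changes);
  return { status: 200, chart };
}

// Corrected pattern: the chart must also belong to the authorized project.
// A mismatch returns 404 so the response does not confirm the chart exists.
function updateChartScoped(store, user, projectId, chartId, changes) {
  if (!canAccessProject(store, user, projectId)) return { status: 403 };
  const chart = store.charts.get(chartId);
  if (!chart || chart.project_id !== projectId) return { status: 404 };
  // Drop id and project_id so the request body cannot re-parent the chart.
  const { id, project_id, ...safe } = changes;
  Object.assign(chart, safe);
  return { status: 200, chart };
}
```

In a database-backed handler the same binding is usually expressed by putting both the chart id and the project id in the lookup condition, so a chart outside the authorized project is never loaded.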