PT-2026-23635 · Chartbrew · Chartbrew

Ytlamal · Published 2026-03-06 · Updated 2026-03-14 · CVE-2026-25877

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Chartbrew versions prior to 4.8.1

Description
Chartbrew is a web application that connects to databases and APIs to create charts. Before version 4.8.1, authorization checks for chart operations (update, delete, etc.) relied only on the project id parameter. The chart id was not validated, allowing authenticated users with project access to manipulate charts belonging to other users or projects. The application uses the /api/chart endpoint for chart-related operations.

Recommendations
Update to version 4.8.1 or later.
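
The access-control pattern in the description, shown beside a hardened form that binds the chart id to the authorized project. This is an added illustration, not Chartbrew's code or its 4.8.1 patch; the data model, function names and sample records are hypothetical and constructed for the example.

```javascript
// Constructed sample data: two projects, one chart each (all names hypothetical).
const charts = new Map([
  [101, { id: 101, projectId: 1, name: "Sales" }],
  [202, { id: 202, projectId: 2, name: "Payroll" }],
]);
// Constructed membership table: user id -> project ids the user may edit.
const memberships = { alice: [1], bob: [2] };

function hasProjectAccess(userId, projectId) {
  return (memberships[userId] || []).includes(projectId);
}

// Pattern described in the advisory: only the project id is authorized,
// and the chart id is then used without checking which project owns it.
function updateChartProjectOnly(store, userId, projectId, chartId, patch) {
  if (!hasProjectAccess(userId, projectId)) return { status: 403 };
  const chart = store.get(chartId);
  if (!chart) return { status: 404 };
  Object.assign(chart, patch);
  return { status: 200, chart };
}

// Hardened form: the chart must belong to the project that was authorized.
function updateChartBound(store, userId, projectId, chartId, patch) {
  if (!hasProjectAccess(userId, projectId)) return { status: 403 };
  const chart = store.get(chartId);
  // Same 404 for "missing" and "in another project" so ids cannot be probed.
  if (!chart || chart.projectId !== projectId) return { status: 404 };
  // Never let the request body re-parent the chart or change its id.
  const { id, projectId: _ignored, ...safePatch } = patch;
  Object.assign(chart, safePatch);
  return { status: 200, chart };
}

// Fresh copy of the sample data for each demonstration.
function freshStore() {
  return new Map([...charts].map(([k, v]) => [k, { ...v }]));
}

// alice (member of project 1 only) names chart 202, which is in project 2.
function demo() {
  const a = freshStore();
  const b = freshStore();
  return {
    projectOnly: updateChartProjectOnly(a, "alice", 1, 202, { name: "x" }).status,
    bound: updateChartBound(b, "alice", 1, 202, { name: "x" }).status,
    boundOwn: updateChartBound(b, "alice", 1, 101, { name: "Q1" }).status,
    untouched: b.get(202).name,
  };
}
```

A regression test for this class of bug should send a valid project id together with a chart id from a different project and expect a rejection, as `demo()` does.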

Exploit

Fix

Improper Access Control

IDOR

Weakness Enumeration

Related Identifiers

CVE-2026-25877
GHSA-9FCR-X8X8-MRXC

Affected Products

Chartbrew