PT-2026-23638 · Chartbrew · Chartbrew

Q1Uf3Ng

Published: 2026-03-06 · Updated: 2026-03-25 · CVE-2026-27005

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Chartbrew versions prior to 4.8.3

Description

Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against connected databases, specifically MySQL and PostgreSQL. This allows an attacker to potentially read, modify, or delete data within those databases, depending on the privileges of the database user. The vulnerable code involves the handling of date-type variables within the applyMysqlOrPostgresVariables function.

Recommendations

Versions prior to 4.8.3 should be updated to version 4.8.3 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-27005
GHSA-W5RH-V333-QQ6C

Affected Products

Chartbrew