PT-2026-23638 · Chartbrew · Chartbrew

Q1Uf3Ng · Published 2026-03-06 · Updated 2026-03-25 · CVE-2026-27005

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

Chartbrew versions prior to 4.8.3

Description

Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against connected databases, including MySQL and PostgreSQL. This allows an attacker to potentially read, modify, or delete data within those databases, depending on the database user's permissions. The issue is related to the applyMysqlOrPostgresVariables function.

Recommendations

Update Chartbrew to version 4.8.3 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-27005
GHSA-W5RH-V333-QQ6C

Affected Products

Chartbrew