PT-2026-23640 · Chartbrew · Chartbrew

Ytlamal · Published 2026-03-06 · Updated 2026-03-14 · CVE-2026-27605

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.4

Description: Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the application does not validate the type or content of uploaded files, such as project logos; it relies solely on the file extension supplied by the user. Uploaded files are saved to the 'uploads/' directory and served statically. An attacker can therefore upload a malicious HTML file containing JavaScript code. Because authentication tokens are likely stored in the browser's local storage, this stored cross-site scripting (XSS) issue could lead to account takeover.

Recommendations: Versions prior to 4.8.4 should be updated to version 4.8.4 or later.

Tags: Unrestricted File Upload · XSS

Weakness Enumeration

Related Identifiers: CVE-2026-27605, GHSA-JF6M-HM53-C364

Affected Products: Chartbrew