PT-2026-32027 · Chartbrew+1 · Chartbrew+1

Razvanilin · Published 2026-04-10 · Updated 2026-04-10 · CVE-2026-30232

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Chartbrew versions prior to 4.8.5

Description
Chartbrew is a web application that connects to databases and APIs to create charts. Before version 4.8.5, authenticated users could create API data connections with arbitrary URLs. The server fetches these URLs using the request-promise library without validating IP addresses, which allows for Server-Side Request Forgery (SSRF) attacks against internal networks and cloud metadata endpoints.

Recommendations
Update to version 4.8.5 or later.
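
The description names the missing control: IP address validation before the server-side fetch. The following is an added example of such a check in Node.js, not Chartbrew's code or its 4.8.5 fix; the names `isBlockedAddress` and `assertPublicUrl`, the injectable `lookup` resolver and the chosen range list are assumptions for illustration.

```javascript
// Added example: pre-fetch guard for user-supplied API connection URLs.
const net = require('net');
const dns = require('dns').promises;

// Non-public destinations a server-side fetch should never reach.
const blocked = new net.BlockList();
for (const [prefix, bits] of [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], // link-local, covers the 169.254.169.254 metadata address
  ['172.16.0.0', 12], ['192.168.0.0', 16],
]) blocked.addSubnet(prefix, bits, 'ipv4');
blocked.addAddress('::', 'ipv6');        // unspecified
blocked.addAddress('::1', 'ipv6');       // loopback
blocked.addSubnet('fc00::', 7, 'ipv6');  // unique-local
blocked.addSubnet('fe80::', 10, 'ipv6'); // link-local

function isBlockedAddress(ip) {
  const family = net.isIP(ip);   // 4, 6, or 0 when not an IP literal
  if (family === 0) return true; // fail closed on anything unparseable
  // Node's BlockList also applies IPv4 rules to IPv4-mapped IPv6 input.
  return blocked.check(ip, family === 6 ? 'ipv6' : 'ipv4');
}

// `lookup` is injectable (assumption) so the check can be exercised offline.
async function assertPublicUrl(rawUrl, lookup = (h) => dns.lookup(h, { all: true })) {
  const url = new URL(rawUrl); // WHATWG parsing normalises forms like http://2130706433/
  if (!['http:', 'https:'].includes(url.protocol)) {
    throw new Error('scheme not allowed');
  }
  const host = url.hostname.replace(/^\[|\]$/g, ''); // strip IPv6 brackets
  const addrs = net.isIP(host) ? [{ address: host }] : await lookup(host);
  if (addrs.length === 0) throw new Error('host did not resolve');
  // Reject if ANY record is internal, so a mixed DNS answer cannot slip through.
  for (const { address } of addrs) {
    if (isBlockedAddress(address)) throw new Error(`blocked address ${address}`);
  }
  return addrs.map((a) => a.address);
}
```

The request should then connect to one of the returned addresses rather than resolving the name a second time, and every redirect target needs the same check before it is followed.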

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-30232

Affected Products

Chartbrew
Request-Promise