PT-2026-36159 · Chartbrew · Chartbrew

Mean3374 · Published 2026-04-30 · Updated 2026-04-30 · CVE-2026-35514

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 5.0.0
Description: Chartbrew is an open-source web application used to create charts by connecting to databases and APIs. The endpoint "POST /user/invited" fails to validate invite tokens, authentication headers, or sessions. This allows an unauthenticated attacker to call the endpoint directly to create a fully active account and obtain a valid JWT (JSON Web Token), a compact, URL-safe means of representing claims to be transferred between two parties. This bypasses the normal registration endpoint "POST /user", which typically enforces the signupRestricted setting and requires verification before activation by creating the account with the status active: false.
Recommendations: Update to version 5.0.0.

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2026-35514

Affected Products: Chartbrew