PT-2026-36163 · Chartbrew · Chartbrew

Larlarua · Published 2026-04-30 · Updated 2026-04-30 · CVE-2026-40603

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 5.0.0

Description: Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, regardless of whether that user has been granted access to the specific project. The route bypasses project-level authorization and returns the raw project object. As a result, a low-privileged user in the same team can read dashboard data from another project and recover the stored report password from the response.

Recommendations: Update to version 5.0.0.
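The authorization gap described above, modelled as an added example (hypothetical in-memory handlers and data shape, not Chartbrew's own route code or schema): a legacy-style handler that stops at the team-membership check and returns the raw project record, next to a hardened handler that also enforces per-project access and strips the stored report password from the response.

```javascript
// Constructed fixture standing in for the data model (hypothetical shape).
const teams = { 1: { members: [10, 11] } };
const projects = {
  100: { id: 100, team_id: 1, name: "Sales", reportPassword: "s3cret", charts: [] },
};
// Per-project grants: only user 10 may open project 100, although user 11
// is in the same team.
const projectAccess = { 100: [10] };

function isTeamMember(userId, teamId) {
  return (teams[teamId]?.members || []).includes(userId);
}

function hasProjectAccess(userId, projectId) {
  return (projectAccess[projectId] || []).includes(userId);
}

// Legacy-style handler: the only gate is team membership, and the full
// project record, stored report password included, is sent back.
function legacyDashboardRoute(userId, projectId) {
  const project = projects[projectId];
  if (!project) return { status: 404 };
  if (!isTeamMember(userId, project.team_id)) return { status: 403 };
  return { status: 200, body: project };
}

// Hardened handler: team membership AND a per-project grant are required,
// and the response is built from an allow-list of fields so the stored
// password never leaves the server. (Returning 404 instead of 403 here
// would additionally avoid confirming that the project exists.)
function hardenedDashboardRoute(userId, projectId) {
  const project = projects[projectId];
  if (!project) return { status: 404 };
  if (!isTeamMember(userId, project.team_id) || !hasProjectAccess(userId, projectId)) {
    return { status: 403 };
  }
  const { id, team_id, name, charts } = project;
  return { status: 200, body: { id, team_id, name, charts } };
}
```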


Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2026-40603

Affected Products: Chartbrew