PT-2026-41351 · Mathesar · Mathesar
Published
2026-05-15
·
Updated
2026-05-15
·
CVE-2026-44718
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Mathesar versions 0.2.0 through 0.9.9
Description
An authenticated user can read, replace, or delete saved exploration definitions—including names, descriptions, selected columns, display metadata, filters, sorting, and transformations—belonging to a database where they are not a collaborator. This occurs because the endpoints 'explorations.get', 'explorations.replace', and 'explorations.delete' process the
exploration id without verifying the requesting user's collaborator status on the associated database.Recommendations
Update to version 0.10.0.
Exploit
Fix
Missing Authorization
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mathesar