Vulnerability Description
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows reading, modifying, or deleting data in those databases depending on the database user's privileges. This issue has been patched in version 4.8.3.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Depomo | Chartbrew | < 4.8.3 |
Related Weaknesses (CWE)
References
- https://github.com/chartbrew/chartbrew/releases/tag/v4.8.3Release Notes
- https://github.com/chartbrew/chartbrew/security/advisories/GHSA-w5rh-v333-qq6cExploitVendor Advisory
FAQ
What is CVE-2026-27005?
CVE-2026-27005 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary ...
How severe is CVE-2026-27005?
CVE-2026-27005 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-27005?
Check the references section above for vendor advisories and patch information. Affected products include: Depomo Chartbrew.