216.73.216.86

CVE-2026-30232

· Published 10/04/2026 20:16 · Modified 10/04/2026 20:16

Labels: CVE-2026-30232 2026-04-10CVE-2026-30232CWE-918[email protected]

Essential information

Published
10/04/2026 20:16
Modified
10/04/2026 20:16
Author
Creator
CVSS
7.8 HIGH (v3) 7.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
chartbrew / chartbrew cpe:2.3:a:chartbrew:chartbrew:*:*:*:*:*:*:*:*

References