CVE-2026-27005 · CRITICAL 9.8 · EPSS p39.6%

Description

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows reading, modifying, or deleting data in those databases depending on the database user's privileges. This issue has been patched in version 4.8.3.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% probability of exploitation · percentile 39.6% · 2026-06-19T12:03:05Z
Published: 2026-03-06
Last modified: 2026-03-10

Underlying weaknesses · 1

CWE-89

References

  1. https://github.com/chartbrew/chartbrew/releases/tag/v4.8.3
  2. https://github.com/chartbrew/chartbrew/security/advisories/GHSA-w5rh-v333-qq6c

Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-25888
CVE-2026-30232
CVE-2026-40904
CVE-2026-40600
CVE-2026-41518
CVE-2026-29174

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.