CVE-2026-25877
Authorization Bypass in Chartbrew Allows Unauthorized Chart Access
Publication date: 2026-03-06
Last updated on: 2026-03-10
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| depomo | chartbrew | < 4.8.1 (4.8.1 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25877 is an Insecure Direct Object Reference (IDOR) vulnerability in the Chart Operations of the Chartbrew application, specifically affecting version 4.8.0 and earlier. The vulnerability occurs because the application only checks authorization based on the project_id parameter when performing chart-related operations like update or delete, but it does not verify if the chart_id actually belongs to that project. This means an authenticated user with access to any project can manipulate or access charts belonging to other users or projects by tampering with the chart_id in requests.
An attacker can exploit this by logging in as one user, capturing a request involving a chart_id, then logging in as another user and substituting their credentials and project_id into the captured request. This bypasses permission checks and allows unauthorized access or modification of charts.
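To make the missing check concrete, here is an added example that is not Chartbrew's code: a minimal in-memory model of the flaw described above (authorization decided on project_id alone, chart_id then trusted) next to the scoped lookup that closes it. The store shape, user and chart ids, and the two handler functions are constructed assumptions for illustration, not the project's real API or data.

```javascript
// Added example (not Chartbrew's code): models the CWE-639 pattern behind
// CVE-2026-25877 and the check that closes it. All data and handler shapes
// below are constructed assumptions, not the project's real implementation.

// Fresh in-memory store per call so repeated runs do not interfere.
function createStore() {
  return {
    // Which user may work in which project (constructed sample data).
    memberships: [
      { userId: 100, projectId: 1 },
      { userId: 200, projectId: 2 },
    ],
    charts: [
      { id: 10, projectId: 1, name: "Sales Q1" },
      { id: 20, projectId: 2, name: "Payroll" },
    ],
  };
}

function canAccessProject(store, userId, projectId) {
  return store.memberships.some(
    (m) => m.userId === userId && m.projectId === projectId
  );
}

// Vulnerable pattern: access is decided on project_id alone and chart_id is
// then trusted, so a chart from any project can be modified.
function updateChartVulnerable(store, userId, body) {
  if (!canAccessProject(store, userId, body.project_id)) return { status: 403 };
  const chart = store.charts.find((c) => c.id === body.chart_id);
  if (!chart) return { status: 404 };
  chart.name = body.name;
  return { status: 200, chart };
}

// Fixed pattern: the chart is resolved scoped to the authorized project, so a
// chart_id from another project is treated as not found (no existence leak).
function updateChartFixed(store, userId, body) {
  if (!canAccessProject(store, userId, body.project_id)) return { status: 403 };
  const chart = store.charts.find(
    (c) => c.id === body.chart_id && c.projectId === body.project_id
  );
  if (!chart) return { status: 404 };
  chart.name = body.name;
  return { status: 200, chart };
}

// Cross-project attempt: user 100 (member of project 1 only) references
// chart 20, which belongs to project 2. Returns both outcomes for comparison.
function demonstrate() {
  const crossProject = { project_id: 1, chart_id: 20, name: "tampered" };
  const vulnerable = createStore();
  const fixed = createStore();
  return {
    vulnerableStatus: updateChartVulnerable(vulnerable, 100, crossProject).status,
    vulnerableChartName: vulnerable.charts[1].name, // "tampered": write crossed projects
    fixedStatus: updateChartFixed(fixed, 100, crossProject).status,
    fixedChartName: fixed.charts[1].name, // "Payroll": untouched
  };
}

console.log(JSON.stringify(demonstrate()));
```

The design point is that the ownership check belongs in the lookup itself (chart_id AND project_id), not in a separate step that can be skipped; returning 404 for a chart outside the caller's project also avoids confirming that the chart exists.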
How can this vulnerability impact me?
This vulnerability can lead to unauthorized modification or deletion of sensitive chart data, which may include business-critical information. Such unauthorized changes can mislead decision-making processes, disrupt shared reporting workflows, and cause loss of important visualizations.
In environments where multiple users or teams collaborate, this issue enables horizontal privilege escalation, allowing users to access or alter data they should not have access to. This can result in competitive intelligence leakage and loss of trust among users.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability can lead to compliance violations with regulations such as GDPR and HKPDPO because unauthorized access to or manipulation of data may result in improper handling of personal or sensitive information. This failure to enforce proper access controls undermines data protection requirements mandated by these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and analyzing requests related to chart operations (such as update or delete) in the Chartbrew application. Specifically, look for requests where the project_id parameter is used for authorization checks but the chart_id parameter is not validated against the project_id.
A practical way to detect exploitation attempts is to capture and inspect HTTP requests involving chart operations, checking if an authenticated user is able to manipulate charts belonging to other projects by substituting project_id and JWT tokens.
For example, you can use network traffic capture tools like tcpdump or Wireshark to capture HTTP requests, or use application logs to identify suspicious requests.
- Use curl or similar tools to replay requests with different project_id and chart_id values to test if unauthorized access is possible.
- Example curl command to test authorization bypass (replace placeholders accordingly):
curl -X POST https://your-chartbrew-instance/api/charts/update -H "Authorization: Bearer <JWT_TOKEN>" -d '{"project_id": "<project_id>", "chart_id": "<chart_id>", "data": {...}}'
If the request succeeds in modifying charts not belonging to the authenticated user's project, the vulnerability is present. [1]
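The application-log route mentioned above can be made concrete with an added example that is not Chartbrew's code: an offline check that reads request log lines and flags any chart operation whose chart_id is not owned by the project_id the request claims. The key=value log format, the field names and the chart-to-project inventory are constructed assumptions; in a real deployment the mapping would be exported from the Chartbrew database and the parser adapted to the actual log format.

```javascript
// Added example (not Chartbrew's code): flags chart operations whose chart_id
// does not belong to the claimed project_id. Log format, field names and the
// chart inventory are constructed assumptions for this illustration.

// Constructed inventory: which project each chart belongs to.
const CHART_PROJECT = new Map([
  [10, 1],
  [11, 1],
  [20, 2],
]);

// Constructed log lines in an assumed "key=value" request-log format.
const SAMPLE_LOG = `
2026-03-07T10:02:11Z user=100 POST /api/charts/update project_id=1 chart_id=10 status=200
2026-03-07T10:02:45Z user=100 POST /api/charts/update project_id=1 chart_id=20 status=200
2026-03-07T10:03:02Z user=200 DELETE /api/charts/delete project_id=2 chart_id=11 status=404
2026-03-07T10:03:30Z user=200 DELETE /api/charts/delete project_id=2 chart_id=20 status=200
2026-03-07T10:04:00Z user=100 GET /api/projects project_id=1 status=200
`;

const LINE_RE =
  /^(\S+) user=(\d+) (\w+) (\S+) project_id=(\d+)(?: chart_id=(\d+))? status=(\d+)$/;

// Parses one line of the assumed format; returns null for blank or foreign lines.
function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  return {
    ts: m[1],
    userId: Number(m[2]),
    method: m[3],
    path: m[4],
    projectId: Number(m[5]),
    chartId: m[6] === undefined ? null : Number(m[6]),
    status: Number(m[7]),
  };
}

// Returns every request whose chart_id belongs to a different project than the
// one it claims. A 2xx status on such a request means the operation went
// through (evidence of the bypass); a 4xx means the server refused it.
function findCrossProjectRequests(logText, chartProject = CHART_PROJECT) {
  const findings = [];
  for (const line of logText.split("\n")) {
    const r = parseLine(line);
    if (!r || r.chartId === null) continue; // not a chart operation
    const owner = chartProject.get(r.chartId);
    if (owner === undefined || owner === r.projectId) continue; // unknown or consistent
    findings.push({
      ts: r.ts,
      userId: r.userId,
      method: r.method,
      chartId: r.chartId,
      claimedProject: r.projectId,
      actualProject: owner,
      succeeded: r.status >= 200 && r.status < 300,
    });
  }
  return findings;
}

console.log(JSON.stringify(findCrossProjectRequests(SAMPLE_LOG), null, 2));
```

Requests with succeeded set to true are the ones to prioritise: on an unpatched instance they show the cross-project write landed, while the same mismatch with a 404 after upgrading to 4.8.1 indicates the corrected check rejected it.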
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended step to mitigate this vulnerability is to upgrade the Chartbrew application to version 4.8.1 or later, where the authorization checks have been corrected to properly validate chart_id against project_id.
Until the update can be applied, restrict access to the Chartbrew application to trusted users only and monitor for suspicious activity involving chart operations.
Additionally, review and tighten access control policies and consider implementing additional logging and alerting for unauthorized access attempts.