Executive Summary

CVE-2026-27603 is a high-severity vulnerability in the Chartbrew web application affecting versions up to 4.0.0. The issue exists because the POST endpoint /project/:project_id/chart/:chart_id/filter lacks the necessary authentication and authorization middleware (verifyToken and checkPermissions). This omission allows unauthenticated users to access and retrieve filtered chart data, including sensitive project metadata and team branding information, from any project or team simply by knowing the chart ID.

The vulnerable endpoint does not verify JWT tokens or user permissions, unlike other chart-related endpoints. This means anyone can access sensitive data without logging in, and because chart IDs are integer-based and sequential, an attacker can enumerate all charts in the system to extract data.

The vulnerability is classified under CWE-306: Missing Authentication for Critical Function and was fixed in Chartbrew version 4.8.4 by adding the missing authentication and authorization checks.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have significant impacts including unauthorized data exposure and privacy breaches. Because unauthenticated users can access chart data from any team or project, sensitive information such as project metadata and team branding can be leaked.

Attackers can exploit the lack of authentication to enumerate all charts by their sequential IDs and retrieve confidential data without any credentials, potentially leading to data leakage, loss of confidentiality, and reputational damage.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to access the vulnerable POST endpoint without authentication and observing if chart data is returned.'}, {'type': 'paragraph', 'content': 'Specifically, sending unauthenticated POST requests to the endpoint /project/:project_id/chart/:chart_id/filter and checking if filtered chart data, project metadata, or team branding information is accessible indicates the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'Since the vulnerability allows unauthenticated access, you can use tools like curl to test this behavior.'}, {'type': 'list_item', 'content': "curl -X POST https://your-chartbrew-instance/project/1/chart/1/filter -d '{}' -v"}, {'type': 'paragraph', 'content': 'If the response contains chart data without requiring authentication tokens, the system is vulnerable.'}, {'type': 'paragraph', 'content': 'Additionally, monitoring network traffic for unauthenticated POST requests to this endpoint can help detect exploitation attempts.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate and recommended mitigation is to upgrade Chartbrew to version 4.8.4 or later, where this vulnerability has been patched.'}, {'type': 'paragraph', 'content': 'The patch adds the missing verifyToken and checkPermissions("readOwn") middleware to the vulnerable POST /project/:project_id/chart/:chart_id/filter endpoint, enforcing proper authentication and authorization.'}, {'type': 'paragraph', 'content': 'If upgrading immediately is not possible, consider implementing temporary access controls such as network-level restrictions or API gateway rules to block unauthenticated access to the vulnerable endpoint.'}, {'type': 'paragraph', 'content': 'Also, review logs for any suspicious unauthenticated access to the endpoint and rotate any sensitive data that may have been exposed.'}] [1, 2]

Useful 0 Not Useful 0