CVE-2026-63307
Received Received - Intake

Insecure Direct Object Reference in Chat2DB Exposes Database Credentials

Vulnerability report for CVE-2026-63307, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/{id} endpoint. The handler calls dataSourceService.queryExistent(id, ...) without an ownership check and returns the decrypted password field, allowing any authenticated non-admin user to enumerate datasource IDs and read the plaintext database credentials of datasources owned by other users.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
ottermind chat2db to 5.3.0 (exc)
forgecode forgecode to 2.11.1 (inc)
chat2db chat2db to 5.3.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-63307 is an Insecure Direct Object Reference (IDOR) vulnerability in Chat2DB before version 5.3.0. It allows any authenticated non-admin user to read decrypted database passwords of other users' datasources through the GET /api/connection/datasource/{id} endpoint. The vulnerability occurs because the endpoint returns sensitive data without verifying ownership.

Detection Guidance

To detect this vulnerability, check if your Chat2DB instance is running in WEB-mode (multi-user) and if the GET /api/connection/datasource/{id} endpoint returns decrypted passwords without ownership checks. Use API testing tools like curl to send authenticated requests to this endpoint and verify if non-admin users can access other users' datasource credentials.

Impact Analysis

This vulnerability allows unauthorized users to access sensitive database credentials. Attackers could use these credentials to connect to databases, steal data, or perform further attacks. The impact includes data breaches, unauthorized access to sensitive information, and potential lateral movement within affected systems.

Compliance Impact

This vulnerability likely violates compliance requirements such as GDPR (data protection) and HIPAA (health information privacy) by exposing sensitive data without proper access controls. Organizations using affected versions may face regulatory penalties, legal liabilities, and reputational damage due to unauthorized data access.

Mitigation Strategies

Upgrade to Chat2DB version 5.3.0 or later, which includes fixes for this vulnerability. Ensure the DataSourceServiceImpl.queryExistent() method or DataSourceController.queryById handler implements ownership checks before returning sensitive data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-63307. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart