Vulnerabilities

Report: CVE-2026-30232 - Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs - 2025 Update

2026-04-10 0 views admin

CVE ID :CVE-2026-30232 Published : April 10, 2026, 8:16 p.m. | 1 hour, 28 minutes ago Description :Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-30232

Severity

HIGH

Published

April 10, 2026

🏷️ Tags

report30232chartbrewconnectionvalidationprovidedupdatepublishedcverce

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-30232 - Chartbrew has SSRF in API Data Connection - No IP Validation on User-Provided URLs - 2025 Update

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: - Password bypass when 2FA is activated CVE-2026-40177

Report: CVE-2026-40175 - Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain - Complete Guide

Report: Ultimate Guide: CVE-2026-40168 - Postiz has Server-Side Request Forgery via Redirect Bypass in /api/public/stream

Report: Update: CVE-2026-39922 - GeoNode < 4.4.5, 5.0.2 SSRF via Service Registration

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting