SSRF in Chartbrew

CVE-2026-30232

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The ser…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (12.5th percentile) — read the EPSS interpretation.

Affected products

Chartbrew — versions < 4.8.5

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv (x_refsource_CONFIRM)
https://github.com/chartbrew/chartbrew/commit/9c4a7e2b02acb25f0782bd4ac1f16407d59c2df1 (x_refsource_MISC)