Auth bypass in Mathesar-foundation Mathesar
CVE-2026-44718
Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifyin…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.000 (13.5th percentile)
Affected products
- Mathesar-foundation Mathesar — versions >= 0.2.0, < 0.10.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)