Auth bypass in Mathesar-foundation Mathesar

CVE-2026-44719

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a database_id without veri…

Vulnerability class: Broken Access Control

EPSS: 0.000 (13.5th percentile)

Affected products

Weakness classification (CWE)

References