XSS Vulnerability in Chartbrew Open-Source Application
CVE-2026-27605

6.3 MEDIUM

Key Information:

Vendor: Chartbrew

Status
Vendor
CVE Published: 6 March 2026

What is CVE-2026-27605?

Chartbrew is an open-source web application that lets users connect to databases and APIs to create charts. Before version 4.8.4, it accepted uploaded files, such as project logos, without validating their type or contents: the application trusted the file extension supplied by the user rather than inspecting the file itself. An attacker with upload rights could therefore store an HTML file containing JavaScript, which the application would then serve back. Because the file is served from the application's own origin, and authentication tokens are kept in localStorage and used against the API, a victim who opens the file could have their token read, which could lead to account takeover. The issue was fixed in Chartbrew version 4.8.4.

Affected Version(s)

chartbrew < 4.8.4

References

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved
