Unauthenticated Account Creation in Chartbrew Open-Source Application
CVE-2026-35514

6.5 MEDIUM

Key Information:

Vendor

Chartbrew

Status
Vendor
CVE Published: 30 April 2026

What is CVE-2026-35514?

Chartbrew is an open-source web application for visualizing data from databases and APIs. Version 4.9.0 contains a significant security flaw in the POST /user/invited endpoint: inadequate validation allows unauthenticated attackers to create active accounts without proper credentials or tokens. Attackers can thereby obtain valid JSON Web Tokens (JWTs), even if existing users are present and account creation restrictions are enforced. The vulnerability has been resolved in version 5.0.0, so affected deployments should be updated to that release.

Affected Version(s)

chartbrew = 4.9.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved