Improper Access Control in Teable by Teableio
CVE-2026-56781

6.9MEDIUM

Key Information:

Vendor

Teableio

Status
Teable
Vendor
CVE Published:
29 June 2026

What is CVE-2026-56781?

Teable prior to version 2026-06-15T04-43-24Z.1912 is susceptible to an improper access control vulnerability. This flaw enables anonymous attackers to exploit the share view records endpoint by supplying arbitrary field IDs via the projection parameter. Through this method, attackers can enumerate hidden field IDs from share metadata, subsequently accessing restricted field values that should remain confidential. This vulnerability raises significant concerns regarding data privacy and unauthorized information disclosure.

Affected Version(s)

teable 0 < 2026-06-15T04-43-24Z.1912

References

https://github.com/teableio/teable/releases/tag/release.2...
release-notes
https://github.com/teableio/teable/issues/3335
technical-description
https://github.com/teableio/teable/pull/3353
issue-tracking

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

George Chen
.