Insecure Direct Object Reference in Chat2DB Affects Database Security
CVE-2026-63307
7.1HIGH
What is CVE-2026-63307?
The Chat2DB application before version 5.3.0 has a vulnerability in its API endpoint that allows authenticated, non-admin users to access sensitive database credentials. This issue arises from an absence of proper ownership checks when querying data sources. As a result, users can enumerate datasource IDs and obtain decrypted password information belonging to other users, posing a significant risk to database security and user data integrity.
Affected Version(s)
Chat2DB 0 < 5.3.0
