Listen to this Post
The vulnerability, present in Chartbrew versions prior to 4.8.3, is an unauthenticated SQL injection flaw in the handling of date-type variables. The core issue resides in the `applyMysqlOrPostgresVariables` function, which fails to properly sanitize user-supplied input when constructing database queries. An attacker can exploit this by sending a specially crafted request to the application that manipulates date parameters. Because the application does not validate or escape this input before embedding it into SQL queries destined for connected MySQL or PostgreSQL databases, an attacker can break out of the intended data context and append arbitrary SQL statements. This allows the attacker to execute any SQL command, including SELECT, INSERT, UPDATE, or `DELETE` operations, effectively granting them the ability to read, modify, or destroy data within the connected databases based on the privileges of the database user configured in Chartbrew .
dailycve form:
Platform: Chartbrew
Version: < 4.8.3
Vulnerability : SQL Injection
Severity: Critical
date: 06/03/2026
Prediction: Patched (4.8.3)
What Undercode Say:
Analytics
The vulnerability is severe due to its network-based attack vector, low complexity, and the fact that it requires no privileges or user interaction, as indicated by a CVSS score of 9.8 . This allows any external attacker to directly compromise the confidentiality, integrity, and availability of the underlying databases linked to a Chartbrew instance.
Bash/Code Snippets
The following demonstrates how an attacker might identify a vulnerable Chartbrew instance and test for the SQL injection.
Check the version of a running Chartbrew instance (if exposed via API)
curl -s http://target-chartbrew.com/api/health | jq .version
If version is 4.8.2 or lower, it is vulnerable.
Example of a malicious payload targeting a date parameter.
This payload attempts to append a UNION-based SQL query to extract data.
Original request might look like: POST /api/v1/queries/run with body {"date_from": "2026-01-01"}
Malicious Payload
PAYLOAD='{"date_from": "2026-01-01\"; SELECT FROM users; --"}'
Send the exploit
curl -X POST http://target-chartbrew.com/api/v1/queries/run \
-H "Content-Type: application/json" \
-d "$PAYLOAD"
Exploit:
- Entry Point: Unauthenticated HTTP request to an endpoint that handles date-based variables for database queries (e.g., chart data endpoints).
- Mechanism: The attacker injects SQL syntax into a date parameter. For example, instead of a standard date, the input includes a single quote to terminate the SQL string, followed by malicious SQL commands, and then comments out the rest of the original query.
- Outcome: The modified query is executed by the database, allowing data exfiltration (
UNION SELECT), modification (UPDATE), or deletion (DROP), depending on the connected database user’s permissions.
Protection from this CVE
- Patch: Immediately upgrade Chartbrew to version 4.8.3 or later, which contains the fix for the insecure date-type variable handling .
- Database Hardening: Apply the principle of least privilege to the database user accounts that Chartbrew uses. The account should have only the necessary permissions (e.g., `SELECT` on specific tables) and not
INSERT,UPDATE,DELETE, or `DROP` privileges unless absolutely required. - Web Application Firewall (WAF): Deploy or configure a WAF to inspect incoming requests for common SQL injection patterns and block them before they reach the application.
Impact
A successful exploit of CVE-2026-27005 results in a complete compromise of the connected database. An attacker can gain unauthorized access to all data stored in the database (confidentiality breach), modify or corrupt the data (integrity breach), and potentially delete entire tables or databases (availability breach). This can lead to data theft, service disruption, and further lateral movement within the network if the database contains credentials or other sensitive information.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

