Platform
nodejs
Component
chartbrew
Fixed in
4.8.2
CVE-2026-25887 describes a Remote Code Execution (RCE) vulnerability discovered in Chartbrew, an open-source web application for creating charts from databases and APIs. This vulnerability allows attackers to execute arbitrary code through manipulation of the MongoDB dataset query. The issue affects versions of Chartbrew prior to 4.8.1 and has been resolved with the release of version 4.8.1.
The RCE vulnerability in Chartbrew's MongoDB dataset query presents a significant security risk. An attacker could inject malicious code into the query, which would then be executed on the server hosting Chartbrew. This could lead to complete system compromise, allowing the attacker to read sensitive data, modify database contents, install malware, or even pivot to other systems on the network. The blast radius extends to any data accessible through the MongoDB connection, potentially including personally identifiable information (PII), financial data, and business-critical information. Successful exploitation could have severe operational and reputational consequences.
CVE-2026-25887 was publicly disclosed on 2026-03-06. The vulnerability's impact is amplified by the ease of crafting malicious MongoDB queries. While no public exploits have been widely reported, the potential for exploitation is considered high due to the RCE nature and the accessibility of MongoDB. It is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Exploit Status
EPSS
0.13% (32% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-25887 is to immediately upgrade Chartbrew to version 4.8.1 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. Input validation on the MongoDB query parameters is crucial; restrict allowed characters and data types. Web Application Firewalls (WAFs) configured to detect and block malicious query patterns can provide an additional layer of defense. Monitor Chartbrew logs for suspicious activity, particularly unusual query patterns or errors related to MongoDB connections. After upgrading, verify the fix by attempting to execute a crafted malicious query and confirming that it is blocked or handled safely.
Actualice Chartbrew a la versión 4.8.1 o superior. Esta versión contiene la corrección para la vulnerabilidad de ejecución remota de código. La actualización se puede realizar a través del gestor de paquetes o descargando la última versión desde el repositorio oficial.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-25887 is a Remote Code Execution vulnerability in Chartbrew versions prior to 4.8.1, allowing attackers to execute arbitrary code via the MongoDB dataset Query.
You are affected if you are running Chartbrew version 4.8.1 or earlier. Upgrade to version 4.8.1 to mitigate the risk.
The recommended fix is to upgrade Chartbrew to version 4.8.1. If immediate upgrade is not possible, implement input validation and WAF rules as temporary mitigations.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high potential for active campaigns. Monitor security advisories.
Refer to the Chartbrew project's official website and GitHub repository for the latest security advisories and release notes.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.