CVE-2026-25887
Published: 06 March 2026
Summary
CVE-2026-25887 is a high-severity Code Injection (CWE-94) vulnerability in Depomo Chartbrew. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.
Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.
Validates inputs used in dynamic code generation to block injected directives.
Directly prevents execution of attacker-supplied code written into data memory regions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
RCE via code injection (CWE-94) in public-facing web app (MongoDB query feature) directly enables T1190 exploitation and T1059.007 JavaScript command execution on the server.
NVD Description
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has…
more
been patched in version 4.8.1.
Deeper analysisAI
CVE-2026-25887 is a remote code execution vulnerability in Chartbrew, an open-source web application that connects directly to databases and APIs to generate charts from data. The flaw exists in the MongoDB dataset Query feature in versions prior to 4.8.1 and is classified under CWE-94 (Code Injection). It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
An attacker with high privileges, such as an authenticated administrator, can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows remote code execution on the server, granting high-impact access to confidentiality, integrity, and availability, potentially leading to full system compromise.
The issue has been addressed in Chartbrew version 4.8.1, as detailed in the project's release notes and security advisory. Practitioners should upgrade to this version or later to mitigate the vulnerability. Relevant resources include the GitHub release page at https://github.com/chartbrew/chartbrew/releases/tag/v4.8.1 and the advisory at https://github.com/chartbrew/chartbrew/security/advisories/GHSA-x4r6-prmw-7wvw.
Details
- CWE(s)