Cyber Posture

CVE-2026-25888

Severity: High · Public PoC · RCE

Published: 06 March 2026

Modified: 10 March 2026
KEV Added: not listed
Patch: available (see version 4.8.1 below)
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (62.7th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-25888 is a high-severity Code Injection (CWE-94) vulnerability in Depomo Chartbrew. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 37.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

SI-2 Flaw Remediation (prevent)

Directly requires timely identification, reporting, and remediation of the RCE vulnerability by patching Chartbrew to version 4.8.1 or later.

SI-10 Information Input Validation (prevent)

Enforces validation and sanitization of inputs to the vulnerable API endpoint, preventing code injection exploits classified as CWE-94.

SC-7 Boundary Protection (prevent, detect)

Implements boundary protections such as web application firewalls to monitor and control communications to the vulnerable API, blocking or detecting exploitation attempts.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

CVE-2026-25888 enables remote code execution via a vulnerable API endpoint in the Chartbrew web application, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1.

Deeper analysis [AI]

CVE-2026-25888 is a remote code execution vulnerability (classified under CWE-94) affecting Chartbrew, an open-source web application designed to connect directly to databases and APIs for creating data visualizations and charts. The flaw exists in a vulnerable API endpoint in versions prior to 4.8.1, allowing arbitrary code execution on the server hosting the application. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility and significant impacts.

An authenticated attacker with low privileges (PR:L), such as a registered user, can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants high-level impacts on confidentiality, integrity, and availability, enabling the attacker to execute arbitrary code on the affected Chartbrew server, potentially leading to full system compromise, data exfiltration, or further lateral movement within the environment.

The issue has been addressed in Chartbrew version 4.8.1, as detailed in the project's release notes and security advisory. Security practitioners should upgrade to v4.8.1 or later, review access controls for API endpoints, and monitor for anomalous activity in affected deployments. Relevant resources include the GitHub release page at https://github.com/chartbrew/chartbrew/releases/tag/v4.8.1 and the security advisory at https://github.com/chartbrew/chartbrew/security/advisories/GHSA-875w-45c2-gxq8.

Details

CWE(s): CWE-94 (Code Injection)

Affected Products

Vendor: depomo
Product: chartbrew
Versions: ≤ 4.8.1

CVEs Like This One

CVE-2026-25887: same product (Depomo Chartbrew)
CVE-2026-32252: same product (Depomo Chartbrew)
CVE-2026-27603: same product (Depomo Chartbrew)
CVE-2026-27005: same product (Depomo Chartbrew)
CVE-2026-30232: same product (Depomo Chartbrew)
CVE-2026-35178: shared CWE-94
CVE-2024-1490: shared CWE-94
CVE-2024-7419: shared CWE-94
CVE-2025-46581: shared CWE-94
CVE-2025-65037: shared CWE-94

References