Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-63307

MEDIUM NVD
CVSS Score 6.5
Severity MEDIUM
Published Jul 17, 2026
Vendor unknown

Description

Chat2DB before 5.3.0 contains an insecure direct object reference vulnerability in the GET /api/connection/datasource/{id} endpoint. The handler calls dataSourceService.queryExistent(id, ...) without an ownership check and returns the decrypted password field, allowing any authenticated non-admin user to enumerate datasource IDs and read the plaintext database credentials of datasources owned by other users.

References