← voltar
CVE-2026-56781

Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

CVSS 6.9 MEDIUMCWE-639
Vexday Risk Score
10Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.9EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
teableio · teable

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/teableio/teable/issues/3335https://github.com/teableio/teable/pull/3353https://github.com/teableio/teable/releases/tag/release.2026-06-15T04-43-24Z.1912https://www.vulncheck.com/advisories/teable-unauthenticated-hidden-field-disclosure-via-projection-parameter-override