HIGH
OtterMind
CVE published 2026-07-17
CVE-2026-63307
CVE-2026-63307 is an insecure direct object reference vulnerability in Chat2DB before version 5.3.0. The vulnerability exists in the GET /api/connection/datasource/{id} endpoint, where the handler calls dataSourceService.queryExistent(id, ...) without an ownership check and returns the decrypted password field. This allows any authenticated non-admin user to enumerate datasource IDs and read the plaintext [truncated]