PatchSiren

OtterMind CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH OtterMind CVE published 2026-07-17

CVE-2026-63307

CVE-2026-63307 is an insecure direct object reference vulnerability in Chat2DB before version 5.3.0. The vulnerability exists in the GET /api/connection/datasource/{id} endpoint, where the handler calls dataSourceService.queryExistent(id, ...) without an ownership check and returns the decrypted password field. This allows any authenticated non-admin user to enumerate datasource IDs and read the plaintext [truncated]