CVE-2026-4586

Summary

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
CodePhiliaXChat2DB0.3.0affected
CodePhiliaXChat2DB0.3.1affected
CodePhiliaXChat2DB0.3.2affected
CodePhiliaXChat2DB0.3.3affected
CodePhiliaXChat2DB0.3.4affected
CodePhiliaXChat2DB0.3.5affected
CodePhiliaXChat2DB0.3.6affected
CodePhiliaXChat2DB0.3.7affected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References