← volver
CVE-2026-56781

Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

CVSS 6.9 MEDIUMCWE-639
Vexday Risk Score
10Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.9EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
teableio · teable

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/teableio/teable/issues/3335https://github.com/teableio/teable/pull/3353https://github.com/teableio/teable/releases/tag/release.2026-06-15T04-43-24Z.1912https://www.vulncheck.com/advisories/teable-unauthenticated-hidden-field-disclosure-via-projection-parameter-override