Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 18 May 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sun, 17 May 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mathesar-foundation
Mathesar-foundation mathesar |
|
| Vendors & Products |
Mathesar-foundation
Mathesar-foundation mathesar |
Fri, 15 May 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, explorations.get, explorations.replace, and explorations.delete operate on an exploration_id without verifying that the requesting user was a collaborator on the exploration’s database. An authenticated user on the same Mathesar installation who knew or guessed an exploration ID could read, replace, or delete a saved exploration belonging to a database where they were not a collaborator. This affected Mathesar-managed saved exploration definitions, including names, descriptions, selected columns, display metadata, filters, sorting, and transformations. This vulnerability is fixed in 0.10.0. | |
| Title | Mathesar: Missing collaborator checks allowed access to saved explorations in other databases | |
| Weaknesses | CWE-639 CWE-862 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-18T15:36:38.645Z
Reserved: 2026-05-07T18:04:17.308Z
Link: CVE-2026-44718
Updated: 2026-05-18T15:36:35.081Z
Status : Deferred
Published: 2026-05-15T19:17:00.590
Modified: 2026-06-17T10:51:16.293
Link: CVE-2026-44718
No data.
OpenCVE Enrichment
Updated: 2026-05-17T17:01:14Z