CVE-2026-56781
Published 2026-06-29
Priority P4 · 33 · medium · 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.23% (13.9th percentile)
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.
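The missing check described above, sketched as an added example that is not Teable's own code: the requested projection is resolved against the fields the share exposes before any row is projected. All names, field IDs and data shapes here are hypothetical.

```typescript
// Added illustration: every name, field ID and data shape is hypothetical.
interface ShareView {
  fields: { id: string; hidden: boolean }[]; // server-side view configuration
}
interface ShareRow {
  id: string;
  fields: Record<string, unknown>;
}

// Vulnerable shape: whatever field IDs the caller sends are returned as-is.
function projectUnchecked(rows: ShareRow[], fieldIds: string[]): ShareRow[] {
  return rows.map((r) => {
    const out: Record<string, unknown> = {};
    for (const f of fieldIds) out[f] = r.fields[f];
    return { id: r.id, fields: out };
  });
}

// Hardened shape: resolve the projection against the fields the share exposes.
function resolveProjection(view: ShareView, requested?: string[]): string[] {
  const visible = view.fields.filter((f) => !f.hidden).map((f) => f.id);
  const req = requested || [];
  // No projection means "the visible fields", never "every field".
  if (req.length === 0) return visible;
  // One error for hidden and unknown IDs, so the reply does not confirm which exist.
  if (req.some((id) => visible.indexOf(id) === -1)) {
    throw new Error("projection contains a field that is not part of this share");
  }
  return req.filter((id, i) => req.indexOf(id) === i); // de-duplicate
}

// Projection is only applied to field IDs that passed resolveProjection.
function readShareRecords(view: ShareView, rows: ShareRow[], requested?: string[]): ShareRow[] {
  return projectUnchecked(rows, resolveProjection(view, requested));
}

// Constructed sample: fldSalary is hidden in the shared view.
const sampleView: ShareView = {
  fields: [
    { id: "fldName", hidden: false },
    { id: "fldSalary", hidden: true },
  ],
};
const sampleRows: ShareRow[] = [
  { id: "rec1", fields: { fldName: "Ada", fldSalary: 120000 } },
];
```

Removing hidden field IDs from share metadata would reduce enumeration, but the authorization decision still belongs in this server-side check.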
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| teableio | teable | < 2026-06-15T04-43-24Z.1912 | 2026-06-15T04-43-24Z.1912 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
ghsa_unreviewed·2026-06-29
CVE-2026-56781 [MEDIUM] CWE-639
VulDB
teableio teable up to 2026-06-15T04-43-24Z.1911 Share View Records Endpoint projection authorization (ID 3335 / EUVD-2026-40157)
vuldb·2026-06-29·CVSS 5.3
A vulnerability classified as problematic has been found in teableio teable up to 2026-06-15T04-43-24Z.1911. The impacted element is an unknown function of the component Share View Records Endpoint. Performing a manipulation of the argument projection results in authorization bypass.
This vulnerability is reported as CVE-2026-56781. The attack can be carried out remotely. No exploit exists.
It is recommended to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-29: Published