Teableio Teable vulnerabilities
3 known vulnerabilities affecting teableio/teable.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-56773P2HIGHCVSS 8.8fixed in 2026-06-15T04-43-24Z.19122026-06-26
CVE-2026-56773 [HIGH] CWE-862 CVE-2026-56773: Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenti
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.
nvd
CVE-2026-56781P4MEDIUMCVSS 5.3fixed in 2026-06-15T04-43-24Z.19122026-06-29
CVE-2026-56781 [MEDIUM] CWE-639 CVE-2026-56781: Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allow
Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters t
nvd
CVE-2026-9566P4MEDIUMCVSS 4.3v1.0v1.1+8 more2026-05-26
CVE-2026-9566 [MEDIUM] CWE-79 CVE-2026-9566: A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of t
A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and migh
nvd