CVE-2026-56773

HIGH SEVERITY

CVSS Score & Metrics

Base Score: 8.8 / 10
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.

Vulnerability Details

Published Date:
Last Modified:
CWE ID: CWE-862
Source: NVD
Vendor: teableio
Product: teable

External References
