Teable – Missing Authorization in v2 REST API_CVE-2026-56773

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.

AI Analysis

Missing authorization in Teable's v2 REST API allows authenticated users to bypass checks and access or modify data

Basic Information

ID CVE-2026-56773

Source VulnCheck

Published Jun 26, 2026 at 14:38

Affected Product

Vendor teableio

Product teable

Affected Versions teableio teable 0

CWE Classification

CWE-862

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor teableio

Product Teable

References

{
    "lastseen": "",
    "description": "Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.",
    "published": "2026-06-26T14:38:32.177Z",
    "modified": "2026-06-26T14:38:32.177Z",
    "type": "cve",
    "title": "Teable - Missing Authorization in v2 REST API",
    "source": "VulnCheck",
    "references": "https://github.com/teableio/teable/releases/tag/release.2026-06-15T04-43-24Z.1912\nhttps://github.com/teableio/teable/pull/3285\nhttps://www.vulncheck.com/advisories/teable-missing-authorization-in-v2-rest-api",
    "id": "CVE-2026-56773",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "teableio teable 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "teable",
    "version": "0",
    "vendor": "teableio",
    "ai_description": "Missing authorization in Teable's v2 REST API allows authenticated users to bypass checks and access or modify data",
    "ai_severity": "High",
    "ai_vendor": "teableio",
    "ai_product": "Teable",
    "ai_version": "0",
    "ai_score": 8.7
}