CVE Catalog

CVE-2026-56781

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability in Teable before the June 15, 2026 build allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and read field values intended to be restricted from public view.

Risk Assessment

The risk involves unauthorized disclosure of sensitive data stored in hidden fields, potentially leading to leakage of business information or personal data.

Recommendation

Immediately update Teable to the June 15, 2026 build or later, which includes a fix for the improper access control vulnerability.

Original NVD description (English source)

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS