CVE-2026-56781

MEDIUMPre-NVD 5.35.3
EchelonGraph scoreHIGH confidence

Score 5.3 from GitHub Security Advisory published 2026-06-29. the CNA's CVSS baseline 5.3; sources differ by 0.0.

Triggered by: GitHub Security Advisory CVSS
Sources: cna:vulncheck, epss, ghsa
Trending — 3 sources updated this week
5.3
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 5.3Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share metadata and specify them in projection parameters to read field values that are intended to be restricted from public view.

CVSS v3
5.3
EG Score
5.3(high)
EPSS
13.9%
KEV
Not listed

Published

June 29, 2026

Last Modified

June 30, 2026

Advisory Details (4)

Auto-updated Jun 29, 2026
Patch available. Sources: github_pr, github_release.
generic

Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override | Advisories | VulnCheck

https://www.vulncheck.com/advisories/teable-unauthenticated-hidden-field-disclosure-via-projection-parameter-override
github_release Patch Available

release.2026-06-15T04-43-24Z.1912

Patch available: teableio/teable release.2026-06-15T04-43-24Z.1912

https://github.com/teableio/teable/releases/tag/release.2026-06-15T04-43-24Z.1912
github_pr

[sync] feat(import): Airtable whole-base importer (T5224)

Upstream fix in progress (PR #3353 · teableio/teable, state=closed)

https://github.com/teableio/teable/pull/3353
generic

Unauthenticated hidden-field disclosure in share views via client-supplied projection · Issue #3335 · teableio/teable · GitHub

https://github.com/teableio/teable/issues/3335

Vendor Advisories for CVE-2026-56781(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Frequently asked(5)

What is CVE-2026-56781?
CVE-2026-56781 is a medium vulnerability published on June 29, 2026. Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from share…
When was CVE-2026-56781 disclosed?
CVE-2026-56781 was first published in the National Vulnerability Database on June 29, 2026, with the most recent update on June 30, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-56781 actively exploited?
CVE-2026-56781 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 13.9% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-56781?
CVE-2026-56781 has a CVSS v4.0 base score of 5.3 (CNA self-assessment; NVD's own analysis pending).
How do I remediate CVE-2026-56781?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-56781, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-56781

Explore →

Is Your Infrastructure Affected by CVE-2026-56781?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.