VYPR
CVE-2026-44719
Medium severity · NVD Advisory · Published May 15, 2026 · Updated May 18, 2026

Description

Mathesar is a web application that makes working with PostgreSQL databases both simple and powerful. From 0.2.0 to before 0.10.0, collaborators.list, tables.metadata.list, explorations.list, and forms.list accept a database_id without verifying that the requesting user was a collaborator on that database. An authenticated user on the same Mathesar installation could use these methods to view Mathesar-managed metadata for databases where they were not a collaborator. Depending on the database and features in use, exposed metadata could include collaborator mappings, table metadata, saved exploration metadata, and form metadata. For forms, the exposed metadata included form tokens. For public forms, possession of the token is equivalent to possession of the public form link, which allows submission to the form under the form’s configured PostgreSQL role. This vulnerability is fixed in 0.10.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Mathesar 0.2.0 to before 0.10.0 fails to verify user collaboration on database-scoped RPC methods, allowing authenticated users to view metadata of databases they are not collaborators on.

The vulnerability resides in several database-scoped RPC methods—collaborators.list, tables.metadata.list, explorations.list, and forms.list—that accept a database_id without verifying that the requesting user is a collaborator on that database. This affects Mathesar versions 0.2.0 through 0.9.x [1].

An authenticated user on the same Mathesar installation can call these methods with a database_id of a database they are not a collaborator on. No additional privileges are required beyond authentication. The attacker can view metadata such as collaborator mappings, table metadata, saved exploration metadata, and form metadata. For forms, the exposed metadata includes form tokens; for public forms, possession of the token is equivalent to possession of the public form link, which allows submission to the form under the form’s configured PostgreSQL role [1].

The vulnerability exposes sensitive metadata but does not grant collaborator access, expose database credentials, or allow access to underlying PostgreSQL table data through Mathesar’s normal database APIs. However, for public forms, the token can be used to submit data, potentially leading to unauthorized data entry. The issue is fixed in Mathesar 0.10.0, which makes database-scoped RPC authorization consistent by verifying that logged-in users are collaborators on the requested database before returning metadata [1].

Upgrading to Mathesar 0.10.0 or later is the recommended mitigation. There is no complete workaround for affected multi-user deployments; deployments where all Mathesar users are mutually trusted are less exposed [1].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
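The missing check described above (a database-scoped RPC method trusting the caller-supplied database_id) and the fix (verifying collaborator membership before returning metadata), as an added illustration that is not Mathesar's code: the collaborator mapping, form tokens, `require_collaborator` decorator and method names are constructed for this example.

```python
from functools import wraps

# Constructed sample data (not from Mathesar): which users collaborate on
# which database ids, and per-database form metadata including form tokens.
COLLABORATORS = {
    1: {"alice", "bob"},
    2: {"carol"},
}
FORMS = {
    1: [{"id": 10, "name": "intake", "token": "tok-db1-constructed"}],
    2: [{"id": 20, "name": "survey", "token": "tok-db2-constructed"}],
}

class PermissionDenied(Exception):
    """Caller is not a collaborator on the requested database."""

def is_collaborator(user, database_id):
    return user in COLLABORATORS.get(database_id, set())

def require_collaborator(rpc_method):
    """Hypothetical decorator: one authorization check shared by every
    database-scoped RPC method, so no individual method can omit it."""
    @wraps(rpc_method)
    def wrapper(user, database_id, *args, **kwargs):
        if not is_collaborator(user, database_id):
            raise PermissionDenied(
                f"{user!r} is not a collaborator on database {database_id}")
        return rpc_method(user, database_id, *args, **kwargs)
    return wrapper

def forms_list_vulnerable(user, database_id):
    """Pre-fix shape: database_id is trusted and the caller is never checked,
    so any authenticated user receives the form tokens."""
    return FORMS.get(database_id, [])

@require_collaborator
def forms_list_fixed(user, database_id):
    """Post-fix shape: same body, authorization enforced by the decorator."""
    return FORMS.get(database_id, [])

def call(rpc_method, user, database_id):
    """Dispatch helper returning (granted, payload) so outcomes can be compared."""
    try:
        return True, rpc_method(user, database_id)
    except PermissionDenied:
        return False, None

if __name__ == "__main__":
    print(call(forms_list_vulnerable, "carol", 1))  # tokens for database 1 leak
    print(call(forms_list_fixed, "carol", 1))       # (False, None)
```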
