## Critical Supabase RLS Security Vulnerability Exposes Zombielabsv2 Database Table to Public
A critical security vulnerability has been identified in a Supabase project belonging to 'zombielabsv2,' exposing a database table to the public internet. The flaw, flagged by a Supabase security advisor, stems from Row-Level Security (RLS) being disabled on a table within the public schema. This configuration error means anyone with the project's URL can perform unrestricted read, edit, and delete operations on all data within the exposed table, posing a severe data breach risk.

The vulnerability, tagged as `rls_disabled_in_public`, was reported via email on April 15, 2026, concerning the specific Supabase Project ID `ejvavmpieilvigjktugh`. The alert indicates a fundamental misconfiguration where no access controls are in place for the affected table. Without RLS enabled, the table operates with default public permissions, effectively bypassing all authentication and authorization layers that Supabase provides.

To remediate the issue, the project owner must immediately enable RLS on the affected table and define explicit access policies. The provided fix involves executing SQL commands to first enable RLS and then create a policy—such as one granting select access only to authenticated users—to restore proper security. Failure to address this promptly leaves the application's backend data fully exposed to unauthorized access and manipulation, with potential consequences for user privacy and system integrity.
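
The remediation described above, written out as an added SQL example (not taken from the original report): `public.example_table` is a placeholder because the page does not name the affected table, and the `user_id` column in the commented alternative is an assumption.

```sql
-- Added example. public.example_table is a placeholder table name.

-- 1. Audit: list every table in the public schema that still has RLS disabled.
select n.nspname        as schema_name,
       c.relname        as table_name,
       c.relrowsecurity as rls_enabled
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind in ('r', 'p')      -- ordinary and partitioned tables
  and not c.relrowsecurity;

begin;

-- 2. Enable RLS. From this point the table is default-deny for roles that
--    are subject to RLS until a policy grants access. The table owner and
--    roles with BYPASSRLS (Supabase's service_role) are not restricted.
alter table public.example_table enable row level security;

-- 3. Grant read access to signed-in users only, as the fix describes.
--    No policy is created for the anon role, so unauthenticated requests
--    see no rows. No insert/update/delete policy exists, so writes by
--    anon and authenticated are rejected.
create policy "authenticated users can read"
  on public.example_table
  for select
  to authenticated
  using (true);

-- Narrower alternative (assumes a user_id column holding the owner's
-- auth.users id): each signed-in user reads only their own rows.
-- Use it instead of the policy above, not alongside it, because
-- permissive policies are combined with OR.
--
-- create policy "owners can read their rows"
--   on public.example_table
--   for select
--   to authenticated
--   using ((select auth.uid()) = user_id);

commit;

-- 4. Verify: confirm which policies now apply to the table.
select policyname, cmd, roles, qual
from pg_policies
where schemaname = 'public'
  and tablename  = 'example_table';
```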

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: Data Breach, Cloud Security, Database Vulnerability, Supabase, RLS
- **Credibility**: unverified
- **Published**: 2026-04-16 00:22:54
- **ID**: 66478
- **URL**: https://whisperx.ai/en/intel/66478