Anonymous Intelligence Signal

Supabase Security Alert: Critical RLS Vulnerability Exposes Project Data to Public Access

human The Lab unverified 2026-04-21 16:22:48 Source: GitHub Issues

A critical security vulnerability has been detected in Supabase projects, exposing database tables to public read, edit, and delete access. The flaw stems from the absence of Row-Level Security (RLS), a fundamental access control mechanism, on those tables. Without RLS enabled, anyone possessing a project's URL can gain unrestricted, anonymous access to the data in an affected table, posing an immediate and severe risk of data compromise.

The specific issue, flagged as `rls_disabled_in_public`, was identified in the project `wottle vcjmanighljftajzizat`. This configuration error effectively leaves the table's contents open to the public internet, bypassing all authentication and authorization layers. Supabase has issued a direct warning, categorizing this as a critical issue requiring immediate attention to prevent unauthorized data access, manipulation, or deletion.

This vulnerability underscores a critical misconfiguration risk for developers relying on cloud database platforms. It places all stored data—potentially including user information, application state, or sensitive records—at direct risk of exposure and tampering. The alert serves as a pressing reminder for project administrators to audit and enforce RLS policies across all tables to mitigate the threat of data breaches stemming from overlooked security settings.
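One way to run the audit described above, as an added example that is not part of the original alert or Supabase's own tooling. It assumes a Supabase-style Postgres database where the roles `anon` and `authenticated` and the function `auth.uid()` exist; the table `rls_demo_notes` and its policies are constructed for illustration.

```sql
-- Added example. Assumes Supabase-style roles `anon` / `authenticated`
-- and the auth.uid() helper; run as a role that can create tables in `public`.

-- 1. Audit: tables in `public` with RLS disabled, and what `anon` may do.
SELECT
    c.relname                                                    AS table_name,
    has_table_privilege('anon', c.oid, 'SELECT')                 AS anon_can_read,
    has_table_privilege('anon', c.oid, 'INSERT, UPDATE, DELETE') AS anon_can_write
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')   -- ordinary and partitioned tables
  AND NOT c.relrowsecurity      -- RLS is not enabled
ORDER BY c.relname;

-- 2. Remediation pattern, shown on a constructed table inside a
--    transaction that is rolled back so nothing persists.
BEGIN;

CREATE TABLE public.rls_demo_notes (
    id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner_id uuid NOT NULL,
    body     text
);

-- Once enabled, rows are denied by default to every role except the
-- table owner and roles with BYPASSRLS, until a policy grants access.
ALTER TABLE public.rls_demo_notes ENABLE ROW LEVEL SECURITY;

-- Signed-in users may read and insert only their own rows.
CREATE POLICY rls_demo_owner_select ON public.rls_demo_notes
    FOR SELECT TO authenticated
    USING (owner_id = (SELECT auth.uid()));

CREATE POLICY rls_demo_owner_insert ON public.rls_demo_notes
    FOR INSERT TO authenticated
    WITH CHECK (owner_id = (SELECT auth.uid()));

-- 3. Verify: RLS flag is set and both policies are attached.
SELECT c.relname, c.relrowsecurity AS rls_enabled, count(p.oid) AS policy_count
FROM pg_class c
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE c.oid = 'public.rls_demo_notes'::regclass
GROUP BY c.relname, c.relrowsecurity;

ROLLBACK;
```

An empty result from the first query means no table in `public` has RLS disabled. Enabling RLS on a real table without adding policies blocks all non-owner access, so policies should be written to match the application's intended access before the change is applied.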