CVE-2026-28361

Medium CVSS: 4.9

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in version 0.301.3.

Vendor

Nocodb

Product

Nocodb

CWE

CWE-639

Yayın Tarihi

2026-03-02 17:16:34

Güncelleme

2026-03-03 19:00:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Nocodb MEDIUM Nocodb 2026

Referanslar

https://github.com/nocodb/nocodb/releases/tag/0.301.3 https://github.com/nocodb/nocodb/security/advisories/GHSA-p9x3-w98f-7j3q

Benzer Kayıtlar

Medium

CVE-2026-28399

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator…

Medium

CVE-2026-28401

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via…

Medium

CVE-2026-28359

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor r…

Low

CVE-2026-28360

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored i…

Medium

CVE-2026-28396

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not rev…

Medium

CVE-2026-28397

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html withou…