CVE-2026-28399

Medium CVSS: 6.2

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3.

Vendor

Nocodb

Product

Nocodb

CWE

CWE-89

Yayın Tarihi

2026-03-02 17:16:35

Güncelleme

2026-03-03 19:02:04

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-89 Nocodb MEDIUM Nocodb 2026

Referanslar

https://github.com/nocodb/nocodb/releases/tag/0.301.3 https://github.com/nocodb/nocodb/security/advisories/GHSA-45rp-9p97-h852

Benzer Kayıtlar

Medium

CVE-2026-28401

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via…

Medium

CVE-2026-28359

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor r…

Low

CVE-2026-28360

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored i…

Medium

CVE-2026-28361

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not valid…

Medium

CVE-2026-28396

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not rev…

Medium

CVE-2026-28397

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, comments rendered via v-html withou…