CNNVD-202601-4643 Information

CNNVD ID

CNNVD-202601-4643

Related CVE

CVE-2026-24769

• CNNVD Published: 2026-01-28

Description (Chinese)

NocoDB是一个开源 Airtable 替代品。将任何 MySql、PostgreSql、Sql Server、Sqlite 和 MariaDb 转换为智能电子表格。 NocoDB 0.301.0之前版本存在代码问题漏洞，该漏洞源于附件处理机制存在存储型跨站脚本，可能导致账户泄露和数据渗漏。

Description (English)

NocoDB is an open-source Airtable alternative. Converts any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into smart spreadsheets. There is a code problem gap in the pre-NocoDB 0.301. This gap stems from the storage-type cross-site script of the Annex Processing Mechanism, which may lead to an account leak and data leakage.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/nocodb/nocodb/security/advisories/GHSA-q5c6-h22r-qpwr https://access.redhat.com/security/cve/cve-2026-24769

Patch

https://github.com/nocodb/nocodb/releases