CNNVD-202601-4644 Information
CNNVD ID
CNNVD-202601-4644
Related CVE
- CNNVD Published: 2026-01-28
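Description (Chinese, translated)
NocoDB is an open-source Airtable alternative from nocodb. It turns any MySQL, PostgreSQL, SQL Server, SQLite or MariaDB database into a smart spreadsheet. NocoDB versions before 0.301.0 contain an input validation error vulnerability, which stems from missing validation of the continueAfterSignIn parameter in the login flow and may lead to unvalidated redirects and phishing attacks.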
Description (English)
NocoDB is an open-source Airtable alternative from nocodb. It converts any MySQL, PostgreSQL, SQL Server, SQLite or MariaDB database into a smart spreadsheet. Versions of NocoDB before 0.301.0 contain an input validation error vulnerability. The vulnerability stems from the lack of validation of the continueAfterSignIn parameter in the login process, which could lead to unvalidated redirects and phishing attacks.
Hazard Level
High
Vulnerability Type
Input validation error
Affected Vendor
nocodb
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/nocodb/nocodb/security/advisories/GHSA-3hmw-8mw3-rmpj
https://access.redhat.com/security/cve/cve-2026-24768
Patch
https://github.com/nocodb/nocodb/releases