CNNVD-202601-4649 Information

CNNVD ID

CNNVD-202601-4649

Related CVE

CVE-2026-24766

• CNNVD Published: 2026-01-28

Description (Chinese)

NocoDB是nocodb开源的一个 Airtable 替代品。将任何 MySql、PostgreSql、Sql Server、Sqlite 和 MariaDb 转换为智能电子表格。 NocoDB 0.301.0之前版本存在安全漏洞，该漏洞源于/api/v2/meta/connection/test端点存在原型污染，可能导致数据库写入操作失败。

Description (English)

NocoDB is an Airtable alternative to the nocodb open source. Converts any MySql, PostgreSql, Sql Server, Sqlite and MariaDb into smart spreadsheets. There was a security loophole in the pre-NocoDB 0.301. This leak resulted from the prototype contamination of/api/v2/meta/convention/test endpoint, which could lead to a failure of database writing.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

nocodb

Published

2026-01-28

Last Modified

2026-02-24

References

https://github.com/nocodb/nocodb/security/advisories/GHSA-95ff-46g6-6gw9 https://access.redhat.com/security/cve/cve-2026-24766

Patch

https://github.com/nocodb/nocodb/releases