CVE Catalog

CVE-2026-46553

Low · CVSS 2.1

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

NocoDB is software for building databases as spreadsheets. Prior to version 2026.04.1, the upload-by-URL path did not enforce the NC_ATTACHMENT_FIELD_SIZE limit, allowing an authenticated user to bypass the configured per-file size limit.

Risk Assessment

Authenticated users may be able to upload files larger than the configured per-file limit through the upload-by-URL path, potentially leading to performance issues or data security concerns.

Recommendation

Update NocoDB to version 2026.04.1 or later to mitigate this vulnerability.

Original NVD description (English source)

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. This vulnerability is fixed in 2026.04.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS