CVE-2026-47379
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
NocoDB prior to version 2026.05.1 had an issue with password verification in shared-view mode, leading to leakage of the password's length and character prefix through response timing. This vulnerability has been fixed in version 2026.05.1.
Risk Assessment
Organizations using NocoDB may have been exposed to password information leakage, increasing the risk of unauthorized access to data.
Recommendation
It is recommended to upgrade NocoDB to version 2026.05.1 or later to mitigate this vulnerability.
Original NVD description (English source)
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in 2026.05.1.

