CVE Catalog

CVE-2026-47379

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

NocoDB prior to version 2026.05.1 had an issue with password verification in shared-view mode, leading to leakage of the password's length and character prefix through response timing. This vulnerability has been fixed in version 2026.05.1.

Risk Assessment

Organizations using NocoDB may have been exposed to password information leakage, increasing the risk of unauthorized access to data.

Recommendation

It is recommended to upgrade NocoDB to version 2026.05.1 or later to mitigate this vulnerability.

Original NVD description (English source)

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in 2026.05.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS