CVE Catalog

CVE-2026-47381

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

NocoDB prior to version 2026.05.1 allowed users in one workspace to access another workspace's integration through the testConnection endpoint by supplying its ID. The issue stemmed from improper permission checks, enabling unauthorized access.

Risk Assessment

Organizations may be exposed to unauthorized access to data and integrations across different workspaces, potentially leading to data leaks or unauthorized operations.

Recommendation

It is recommended to upgrade NocoDB to version 2026.05.1 or later to mitigate this vulnerability and secure access to integrations in workspaces.

Original NVD description (English source)

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS