CVE Catalog

CVE-2026-53930

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

20th percentile - higher than 20% of all known CVEs

Summary

NocoDB prior to version 2026.05.1 had a vulnerability in the base-migration endpoint that accepted a caller-supplied URL without enforcing protocol or destination. This allowed scheme abuse and probing of internal HTTP destinations.

Risk Assessment

Organizations may be exposed to attacks that exploit this vulnerability to access internal resources or to transmit data via unauthorized protocols.

Recommendation

It is recommended to update NocoDB to version 2026.05.1 or later to mitigate this vulnerability.

Original NVD description (English source)

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. This vulnerability is fixed in 2026.05.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS