Vulnerability-Lookup

CNVD-2026-13836

Vulnerability from cnvd - Published: 2026-03-11

Title

NocoDB访问控制错误漏洞

Description

NocoDB是nocodb开源的一个Airtable替代品。将任何MySql、PostgreSql、Sql Server、Sqlite和MariaDb转换为智能电子表格。 NocoDB 0.301.3之前版本存在访问控制错误漏洞。该漏洞源于密码重置流程未撤销现有刷新令牌，攻击者可利用该漏洞在受害者重置密码后继续使用被盗令牌。

Severity

高

Patch Name

NocoDB访问控制错误漏洞的补丁

Patch Description

Formal description

厂商已提供漏洞修复方案，请关注厂商主页更新： https://github.com/nocodb/nocodb/releases

Reference

https://patchstack.com/database/Wordpress/Theme/great-lotus/vulnerability/wordpress-great-lotus-theme-1-3-1-local-file-inclusion-vulnerability?_s_id=cve

Impacted products

Name
NocoDB NocoDB <0.301.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-28396",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-28396"
    }
  },
  "description": "NocoDB\u662fnocodb\u5f00\u6e90\u7684\u4e00\u4e2aAirtable\u66ff\u4ee3\u54c1\u3002\u5c06\u4efb\u4f55MySql\u3001PostgreSql\u3001Sql Server\u3001Sqlite\u548cMariaDb\u8f6c\u6362\u4e3a\u667a\u80fd\u7535\u5b50\u8868\u683c\u3002\n\nNocoDB 0.301.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bc6\u7801\u91cd\u7f6e\u6d41\u7a0b\u672a\u64a4\u9500\u73b0\u6709\u5237\u65b0\u4ee4\u724c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5bb3\u8005\u91cd\u7f6e\u5bc6\u7801\u540e\u7ee7\u7eed\u4f7f\u7528\u88ab\u76d7\u4ee4\u724c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/nocodb/nocodb/releases",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-13836",
  "openTime": "2026-03-11",
  "patchDescription": "NocoDB\u662fnocodb\u5f00\u6e90\u7684\u4e00\u4e2aAirtable\u66ff\u4ee3\u54c1\u3002\u5c06\u4efb\u4f55MySql\u3001PostgreSql\u3001Sql Server\u3001Sqlite\u548cMariaDb\u8f6c\u6362\u4e3a\u667a\u80fd\u7535\u5b50\u8868\u683c\u3002\r\n\r\nNocoDB 0.301.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bc6\u7801\u91cd\u7f6e\u6d41\u7a0b\u672a\u64a4\u9500\u73b0\u6709\u5237\u65b0\u4ee4\u724c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5bb3\u8005\u91cd\u7f6e\u5bc6\u7801\u540e\u7ee7\u7eed\u4f7f\u7528\u88ab\u76d7\u4ee4\u724c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NocoDB\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NocoDB NocoDB \u003c0.301.3"
  },
  "referenceLink": "https://patchstack.com/database/Wordpress/Theme/great-lotus/vulnerability/wordpress-great-lotus-theme-1-3-1-local-file-inclusion-vulnerability?_s_id=cve",
  "serverity": "\u9ad8",
  "submitTime": "2026-03-10",
  "title": "NocoDB\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2026-28396 (GCVE-0-2026-28396)

Vulnerability from cvelistv5 – Published: 2026-03-02 16:18 – Updated: 2026-03-03 15:57

Title

NocoDB: Refresh Tokens Not Revoked on Password Reset

Summary

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3.

Severity ?

4.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

CWE

CWE-613 - Insufficient Session Expiration

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nocodb/nocodb/security/advisor…	x_refsource_CONFIRM
	https://github.com/nocodb/nocodb/releases/tag/0.301.3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nocodb	nocodb	Affected: < 0.301.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-03T15:57:16.772830Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T15:57:35.051Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nocodb",
          "vendor": "nocodb",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.301.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has been patched in version 0.301.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613: Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-02T16:18:46.640Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nocodb/nocodb/security/advisories/GHSA-x4vh-j75g-268g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-x4vh-j75g-268g"
        },
        {
          "name": "https://github.com/nocodb/nocodb/releases/tag/0.301.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nocodb/nocodb/releases/tag/0.301.3"
        }
      ],
      "source": {
        "advisory": "GHSA-x4vh-j75g-268g",
        "discovery": "UNKNOWN"
      },
      "title": "NocoDB: Refresh Tokens Not Revoked on Password Reset"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28396",
    "datePublished": "2026-03-02T16:18:46.640Z",
    "dateReserved": "2026-02-27T15:33:57.288Z",
    "dateUpdated": "2026-03-03T15:57:35.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-13836

CVE-2026-28396 (GCVE-0-2026-28396)

Tags

Sightings

Nomenclature