← back
CVE-2026-28360

NocoDB: Plaintext Storage of Shared View Passwords

CVSS 2.7 LOWEPSS 0.2%CWE-256
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Affected products
nocodb · nocodb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/nocodb/nocodb/releases/tag/0.301.3https://github.com/nocodb/nocodb/security/advisories/GHSA-mpp2-x7wv-38hv