Vulnerabilidades en nocobase
6 resultadosCVE-2026-34156CRITICALNocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script NodeEPSS 36.5%CVE-2026-41640HIGHNocoBase Vulnerable to SQL Injection via String Concatenation in Recursive Eager LoadingEPSS 1.9%CVE-2026-41641HIGHNocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` CallEPSS 1.8%CVE-2026-34825HIGHNocoBase Has SQL Injection via template variable substitution in workflow SQL nodeEPSS 0.4%CVE-2026-40346MEDIUMNocoBase has SSRF in Workflow HTTP Request and Custom Request PluginsEPSS 0.4%CVE-2026-6224MEDIUMnocobase plugin-workflow-javascript Vm.js createSafeConsole sandboxEPSS 0.3%