PT-2026-46993
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description An authenticated user with columnAdd permission on a Postgres-backed base can perform SQL injection within the formula engine. The issue occurs via the optional direction argument of the...