2 matches found
CVE-2026-46551
CVE-2026-46551 affects NocoDB’s v1/v2 attachment API upload-by-url. Before 2026.04.4, the uploadViaURL path did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote content-length or response stream. The HEAD probe read content-length but wasn’t compared to the limit, and storageAdapter.fileCr...
NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion
NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...