
Veracode (added 2026/05/16 5:19 a.m.)

Remote Code Execution (RCE)

@nocobase/plugin-workflow-javascript is vulnerable to Remote Code Execution. The vulnerability is due to improper sandbox isolation in the Workflow Script Node, where the exposed console object allows access to host-realm WritableWorkerStdio stream objects via console.stdout and console.stderr,...

CVSS 9.9, AI score 6.4, EPSS 0.36503
Exploits: 7, References: 4, Affected software: 1
Snyk (added 2026/04/22 8:07 p.m.)

SQL Injection

Overview: @nocobase/plugin-collection-sql provides a SQL collection template. Affected versions of this package are vulnerable to SQL Injection through the update handler in the collection SQL resource. An attacker can submit a malicious sql value while updating a SQL-backed collection and have ...

CVSS 8.6, AI score 5.9, EPSS 0.01833
Exploits: 1, References: 2
Github Security Blog (added 2026/04/22 8:07 p.m.)

@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call

Summary: The checkSQL validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions...

CVSS 7.2, AI score 6.1, EPSS 0.01833
Exploits: 1, References: 6, Affected software: 1
OSV (added 2026/04/22 8:07 p.m.)

GHSA-WRWH-C28M-9JJH @nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call

Summary: The checkSQL validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions...

CVSS 7.2, AI score 6.1, EPSS 0.01833
Exploits: 1, References: 6
Positive Technologies (added 2026/04/22 12:00 a.m.)

PT-2026-34610

Name of the Vulnerable Software and Affected Versions: @nocobase/plugin-collection-sql versions prior to 2.0.39. Description: An issue exists where the checkSQL validation function, designed to block dangerous SQL keywords such as pg_read_file, LOAD_FILE, and dblink, is not applied to the...

CVSS 7.2, AI score 5.8, EPSS 0.01833
Exploits: 1, References: 9
EUVD (added 2026/04/14 12:31 a.m.)

EUVD-2026-22122

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in a sandbox issue. The attack can be...

CVSS 7.5, AI score 5.4, EPSS 0.003
Exploits: 0, References: 5
NVD (added 2026/04/13 10:16 p.m.)

CVE-2026-6224

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in a sandbox issue. The attack can be...

CVSS 7.5, EPSS 0.003
Exploits: 0, References: 4
CVE (added 2026/04/13 9:15 p.m.)

CVE-2026-6224

CVE-2026-6224 affects nocobase plugin-workflow-javascript up to version 2.0.23. The vulnerability is in the function createSafeConsole inside packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js, where certain manipulation leads to a sandbox issue. The issue is exploitable remot...

CVSS 7.5, AI score 6.7, EPSS 0.003
Exploits: 0, References: 4
Positive Technologies (added 2026/04/13 12:00 a.m.)

PT-2026-32532

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in a sandbox issue. The attack can be...

CVSS 7.5, AI score 5.4, EPSS 0.003
Exploits: 0, References: 7