5 matches found
Prototype Pollution
nocodb is vulnerable to prototype pollution. The vulnerability is due to improper handling of user-controlled input in the /api/v2/meta/connection/test endpoint, which allows an authenticated attacker with org-level-creator permissions to pollute object prototypes and cause application-wide...
CVE-2026-24766 NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...
CVE-2026-24766 NocoDB Vulnerable to Prototype Pollution in Connection Test Endpoint, Leading to DoS
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...
CVE-2026-24766
NocoDB prior to 0.301.0 is affected by a prototype pollution in /api/v2/meta/connection/test. An authenticated user with org-level-creator permissions can trigger pollution that causes all database write operations to fail until the server is restarted. The issue bypasses SUPER_ADMIN checks but c...
EUVD-2026-4872
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...