PT-2026-50477
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description The 'spreadsheet-import' endpoint axiosRequestMake could be used as a generic HTTP proxy. The endpoint was reachable without authentication, and its URL-extension allowlist used a regular expressi...