CVE-2026-53929

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...

CVE-2026-53929

NocoDB (pre-2026.05.1) is affected by a Stored Cross-Site Scripting vulnerability when NC_SECURE_ATTACHMENTS=true. An authenticated uploader could deliver .html or .svg attachments that the browser renders inline from the NocoDB origin due to a header-key casing mismatch (ResponseContentDispositi...

NocoDB: Stored Cross-Site Scripting via Secure Attachment

Summary With NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. Details The signed attachment handler stored response-header overrides under PascalCase keys...

PT-2026-50475

Summary With NC SECURE ATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. Details The signed attachment handler stored response-header overrides under PascalCase keys...

How to Enable App Interaction Between XenMobile Secure Mail and Microsoft Office Apps

This document will help you understand how the XenMobile managed Secure Mail application will use Microsoft Office application to open the attachments in a controlled and secured manner. Environment Machine| Details ---|--- Active Directory| Win 2012 Certificate Authority| NA SQL Database| MS SQL...