4 matches found
CVE-2026-46551
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to downloa...
SUSE CVE-2026-24767
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery SSRF vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, t...
EUVD-2026-4871
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery SSRF vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, t...
PT-2026-5219
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.301.0 Description A Server-Side Request Forgery SSRF issue exists in the uploadViaURL functionality due to an unprotected HEAD request. The initial metadata request executes without validation, allowing limited...