CVE-2026-53931
NocoDB: Server-Side Request Forgery via the spreadsheet-import endpoint (axiosRequestMake) allowed unauthenticated use as a generic HTTP proxy prior to 2026.05.1, enabling potentially unintended requests to internal destinations. The issue is fixed in 2026.05.1. The GHSA/OSV/PT-Security disclosur...