CVE-2026-28360— NocoDB: Plaintext Storage of Shared View Passwords
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-28360
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NocoDB: Plaintext Storage of Shared View Passwords
Source: NVD (National Vulnerability Database)
Vulnerability Description
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
明文存储口令
Source: NVD (National Vulnerability Database)
Vulnerability Title
NocoDB 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NocoDB是nocodb开源的一个 Airtable 替代品。将任何 MySql、PostgreSql、Sql Server、Sqlite 和 MariaDb 转换为智能电子表格。 NocoDB 0.301.3之前版本存在安全漏洞,该漏洞源于共享视图密码以明文存储并使用直接字符串比较,可能导致凭据泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-28360
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-28360
请登录查看更多情报信息。
Same Patch Batch · nocodb · 2026-03-02 · 10 CVEs total
| CVE-2026-28359 | NocoDB: Stored Cross-Site Scripting via Rich Text Field | |
| CVE-2026-28401 | NocoDB: Stored Cross-Site Scripting via Rich Text Cells | |
| CVE-2026-28398 | NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells | |
| CVE-2026-28358 | NocoDB: User Enumeration via Password Reset Endpoint | |
| CVE-2026-28361 | NocoDB: Missing Ownership Validation in MCP Token Operations | |
| CVE-2026-28399 | NocoDB: SQL Injection via DATEADD Formula | |
| CVE-2026-28357 | NocoDB: Stored Cross-Site Scripting via Formula Cell | |
| CVE-2026-28396 | NocoDB: Refresh Tokens Not Revoked on Password Reset | |
| CVE-2026-28397 | NocoDB: Stored Cross-Site Scripting via Comments |
IV. Related Vulnerabilities
Same product: nocodb
- CVE-2026-28401
NocoDB: Stored Cross-Site Scripting via Rich Text Cells - CVE-2026-28399
NocoDB: SQL Injection via DATEADD Formula - CVE-2026-28398
NocoDB: Stored Cross-Site Scripting via Comments and Rich Te - CVE-2026-28397
NocoDB: Stored Cross-Site Scripting via Comments - CVE-2026-28396
NocoDB: Refresh Tokens Not Revoked on Password Reset
Same vendor: nocodb
- CVE-2026-28401
NocoDB: Stored Cross-Site Scripting via Rich Text Cells - CVE-2026-28399
NocoDB: SQL Injection via DATEADD Formula - CVE-2026-28398
NocoDB: Stored Cross-Site Scripting via Comments and Rich Te - CVE-2026-28397
NocoDB: Stored Cross-Site Scripting via Comments - CVE-2026-28396
NocoDB: Refresh Tokens Not Revoked on Password Reset
V. Comments for CVE-2026-28360
No comments yet