CVE-2026-34825— NocoBase Has SQL Injection via template variable substitution in workflow SQL node
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-34825
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NocoBase Has SQL Injection via template variable substitution in workflow SQL node
Source: NVD (National Vulnerability Database)
Vulnerability Description
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue() without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL. This issue has been patched in version 2.0.30.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nocobase SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nocobase是NocoBase开源的一个低代码平台。 NocoBase 2.0.30之前版本存在SQL注入漏洞,该漏洞源于getParsedValue函数将模板变量直接代入原始SQL字符串而未进行参数化或转义,可能导致任意SQL注入。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-34825
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-34825
请登录查看更多情报信息。
Patch · 1Advisory · 1
- Release v2.0.30 · nocobase/nocobase · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-34825
IV. Related Vulnerabilities
Same product: nocobase
Same vendor: nocobase
- CVE-2026-41641
NocoBase Vulnerable to SQL Validation Bypass via `sqlCollect - CVE-2026-41640
NocoBase Vulnerable to SQL Injection via String Concatenatio - CVE-2026-40346
NocoBase has SSRF in Workflow HTTP Request and Custom Reques - CVE-2026-6224
nocobase plugin-workflow-javascript Vm.js createSafeConsole - CVE-2026-34156
NocoBase Affected by Sandbox Escape to RCE via console._stdo
Same weakness: CWE-89
- CVE-2026-8772
linlinjava litemall Admin Endpoint sql injection - CVE-2026-8771
linlinjava litemall Front-end WeChat API WxGoodsController.j - CVE-2018-25339
Zechat 1.5 SQL Injection via v parameter (time-based blind) - CVE-2018-25338
Zechat 1.5 SQL Injection via hashtag parameter - CVE-2018-25333
Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection
V. Comments for CVE-2026-34825
No comments yet