CVE-2026-41641— NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call
Public Exploits 1
Nuclei · 1 CVE-2026-41641.yaml [template]
Possible ATT&CK Techniques 1AI
T1059.004 · Unix ShellGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41641
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call
Source: NVD (National Vulnerability Database)
Vulnerability Description
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data. This issue has been patched in version 2.0.39.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nocobase SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nocobase是NocoBase开源的一个低代码平台。 Nocobase 2.0.39之前版本存在SQL注入漏洞,该漏洞源于sqlCollection:update端点缺少checkSQL验证,可能导致具有集合管理权限的攻击者绕过验证并执行任意SQL。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41641
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL() function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-41641.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41641
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-41641 (2)
Vendor Advisories for CVE-2026-41641 (1)
Vendor Pages for CVE-2026-41641 (1)
- Release v2.0.39 · nocobase/nocobase · GitHubx_refsource_MISC
IV. Related Vulnerabilities
Same product: nocobase
Same vendor: nocobase
- CVE-2026-41640
NocoBase Vulnerable to SQL Injection via String Concatenatio - CVE-2026-40346
NocoBase has SSRF in Workflow HTTP Request and Custom Reques - CVE-2026-6224
nocobase plugin-workflow-javascript Vm.js createSafeConsole - CVE-2026-34825
NocoBase Has SQL Injection via template variable substitutio - CVE-2026-34156
NocoBase Affected by Sandbox Escape to RCE via console._stdo
Same weakness: CWE-89
- CVE-2026-9364
projectworlds Online Art Gallery Shop adminHome.php sql inje - CVE-2026-9356
SourceCodester Hospitals Patient Records Management System m - CVE-2026-9355
SourceCodester Hospitals Patient Records Management System M - CVE-2026-9342
SourceCodester Hospitals Patient Records Management System v - CVE-2018-25352
WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via
V. Comments for CVE-2026-41641
No comments yet