All 5 CVE vulnerabilities found in nocobase, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41641 | NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call CWE-89 | 7.2 | High | 2026-05-07 |
| CVE-2026-41640 | NocoBase Vulnerable to SQL Injection via String Concatenation in Recursive Eager Loading CWE-89 | 7.5 | High | 2026-05-07 |
| CVE-2026-34825 | NocoBase Has SQL Injection via template variable substitution in workflow SQL node CWE-89 | 8.8 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34156 | NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node CWE-913 | 10.0 | Critical | 2026-03-31 |
| CVE-2025-13877 | nocobase JWT Service jwt-service.ts hard-coded key CWE-321 | 5.6 | Medium | 2025-12-02 |