NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| nocodb | nocodb | affected |
|
No data.
No data.
No data.
Project Subscriptions
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-96fh-m4r8-6v9v | NocoDB: Cross-Workspace Integration Use in Connection Test |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 23 Jun 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1. | |
| Title | NocoDB: Cross-Workspace Integration Use in Connection Test | |
| Weaknesses | CWE-290 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-23T20:17:10.014Z
Reserved: 2026-05-19T19:22:45.728Z
Link: CVE-2026-47381
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses