CVE-2026-28360

Summary

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.

Affected Software

VendorProductVersion RangeStatus
nocodbnocodb< 0.301.3affected

Weaknesses

  • CWE-256: CWE-256: Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References