Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2026-24767

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the uploadViaURL functionality due to an unprotected HEAD request. While the subsequent file retrieval logic correctly enforces SSRF protections, the initial metadata request executes without validation. This allows limited outbound requests to arbitrary URLs before SSRF controls are applied. Version 0.301.0 contains a patch for the issue.

Published: Jan 28, 2026
Updated: Feb 5, 2026
CVE: CVE-2026-24767
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
nocodb / nocodb	-	0.301.0

https://github.com/nocodb/nocodb/security/advisories/GHSA-xr7v-j379-34v9

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo