CVE-2026-28360 | THREATINT

Description

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.

PUBLISHED Reserved 2026-02-26 | Published 2026-03-02 | Updated 2026-03-03 | Assigner GitHub_M

LOW: 2.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-256: Plaintext Storage of a Password

Product status

< 0.301.3

affected

References

github.com/...nocodb/security/advisories/GHSA-mpp2-x7wv-38hv

github.com/nocodb/nocodb/releases/tag/0.301.3

cve.org (CVE-2026-28360)

nvd.nist.gov (CVE-2026-28360)

Download JSON