CVE-2026-47379

MEDIUM EPSS 16.5%

Published Jun 23, 20261w ago · Modified Jun 24, 20266d ago

6.9 CVSS 4.0

Medium

Published Jun 23, 2026 1w ago

Last Modified Jun 24, 2026 6d ago

Description

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in 2026.05.1.

CVSS Details

Base Score

6.9

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

16.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

CWE-203

References 1

github.com https://github.com/nocodb/nocodb/security/advisories/GHSA-qhxg-623c-cfjm

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.