Description
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the `continueAfterSignIn` parameter. During authentication, NocoDB processes a user-controlled redirect value and conditionally performs client-side navigation without enforcing any restrictions on the destination’s origin, domain or protocol. This allows attackers to redirect authenticated users to arbitrary external websites after login. This vulnerability enables phishing attacks by leveraging user trust in the legitimate NocoDB login flow. While it does not directly expose credentials or bypass authentication, it increases the likelihood of credential theft through social engineering. The issue does not allow arbitrary code execution or privilege escalation, but it undermines authentication integrity. Version 0.301.0 fixes the issue.
Published: 2026-01-28
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Credential theft via phishing through an open redirect
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is an unvalidated redirect in NocoDB’s login flow caused by the lack of verification for the continueAfterSignIn parameter. During authentication, the application accepts a user‑controlled value and performs client‑side navigation without checking the destination’s origin, domain or protocol. Although it does not allow code execution or privilege escalation, it enables attackers to redirect legitimate users to malicious sites after login, facilitating phishing attacks and increasing the risk of credential theft.

Affected Systems

Affected systems include the NocoDB application for all versions earlier than 0.301.0. The vulnerability is present in any deployment of NocoDB that includes the unpatched login flow, regardless of the hosting environment.

Risk and Exploitability

The CVSS score of 5.7 rates this issue as moderate, and the EPSS score of less than 1% suggests a low likelihood of exploitation. However, once a user authenticates, a malicious attacker can direct them to arbitrary URLs which could cause phishing success. Because the attack vector requires only the ability to supply a URL to the continueAfterSignIn parameter, it can be leveraged by anyone with access to a login link or through social engineering. The CVE is not listed in the CISA KEV catalog at this time.

Generated by OpenCVE AI on April 18, 2026 at 01:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NocoDB to version 0.301.0 or later.
  • If an immediate upgrade is not feasible, configure the application to reject or validate redirect destinations in the continueAfterSignIn parameter.
  • Educate users about the risk of unexpected redirects post‑login and verify URLs before interacting with external sites.

Generated by OpenCVE AI on April 18, 2026 at 01:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-3hmw-8mw3-rmpj NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter
History

Wed, 04 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Fri, 30 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 29 Jan 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Nocodb
Nocodb nocodb
Vendors & Products Nocodb
Nocodb nocodb

Wed, 28 Jan 2026 21:00:00 +0000

Type Values Removed Values Added
Description NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the `continueAfterSignIn` parameter. During authentication, NocoDB processes a user-controlled redirect value and conditionally performs client-side navigation without enforcing any restrictions on the destination’s origin, domain or protocol. This allows attackers to redirect authenticated users to arbitrary external websites after login. This vulnerability enables phishing attacks by leveraging user trust in the legitimate NocoDB login flow. While it does not directly expose credentials or bypass authentication, it increases the likelihood of credential theft through social engineering. The issue does not allow arbitrary code execution or privilege escalation, but it undermines authentication integrity. Version 0.301.0 fixes the issue.
Title NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter
Weaknesses CWE-601
References
Metrics cvssV4_0

{'score': 5.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Nocodb Nocodb
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-29T18:01:18.446Z

Reserved: 2026-01-26T21:06:47.868Z

Link: CVE-2026-24768

cve-icon Vulnrichment

Updated: 2026-01-29T16:03:14.218Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-28T21:16:12.430

Modified: 2026-02-04T20:04:07.483

Link: CVE-2026-24768

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T01:45:33Z

Weaknesses