Description
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1.
Published: 2026-06-23
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This allows the caller to use that integration even though it would normally belong to a different workspace. The vulnerability is an instance of improper authorization, classified as CWE‑290. It is fixed in 2026.05.1.

Affected Systems

The issue affects the Noco vendor nocodb:nocodb. Versions earlier than 2026.05.1 are vulnerable; the fix was released in the 2026.05.1 update. No other vendors or product variants are listed as affected.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the vulnerability is not listed in the CISA KEV catalog. The EPSS score is not available. The flaw can be exploited by any authenticated user who has access to a workspace; such a user can call the testConnection API endpoint with the ID of an integration from another workspace. The attack path requires only internal authentication and the ability to specify an integration ID. The impact is confined to the use of integration functionality that belongs to another workspace.

Generated by OpenCVE AI on June 24, 2026 at 10:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the NocoDB installation to version 2026.05.1 or later, which includes the fix for the permission flaw.
  • Restrict the use of the testConnection endpoint to workspace administrators or users with explicit permission, disabling it for general users where possible.
  • Monitor and audit integration usage across workspaces for any anomalous cross‑workspace activity, and review access controls to ensure integration permissions stay confined to the intended workspace.

Generated by OpenCVE AI on June 24, 2026 at 10:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-96fh-m4r8-6v9v NocoDB: Cross-Workspace Integration Use in Connection Test
History

Wed, 24 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Nocodb
Nocodb nocodb
Vendors & Products Nocodb
Nocodb nocodb

Tue, 23 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1.
Title NocoDB: Cross-Workspace Integration Use in Connection Test
Weaknesses CWE-290
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-24T14:40:49.973Z

Reserved: 2026-05-19T19:22:45.728Z

Link: CVE-2026-47381

cve-icon Vulnrichment

Updated: 2026-06-24T14:40:42.413Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T10:15:05Z

Weaknesses
  • CWE-290

    Authentication Bypass by Spoofing