NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1.
Metrics
Affected Vendors & Products
References
History
Wed, 24 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 24 Jun 2026 01:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Nocodb
Nocodb nocodb |
|
| Vendors & Products |
Nocodb
Nocodb nocodb |
Tue, 23 Jun 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1. | |
| Title | NocoDB: User Enumeration via Sign-In Timing | |
| Weaknesses | CWE-208 CWE-307 |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-23T20:33:27.730Z
Updated: 2026-06-24T12:32:30.767Z
Reserved: 2026-05-19T19:22:45.728Z
Link: CVE-2026-47380
Updated: 2026-06-24T12:32:25.295Z
No data.
No data.