CVE-2026-28358

MEDIUM NUCLEI

NocoDB <0.301.3 - Info Disclosure

Title source: llm

Description

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3.

Nuclei Templates (1)

NocoDB - User Enumeration

MEDIUMby DhiyaneshDk

Shodan: http.favicon.hash:-2017596142

References (2)

[Release Notes] https://github.com/nocodb/nocodb/releases/tag/0.301.3

[Vendor Advisory] https://github.com/nocodb/nocodb/security/advisories/GHSA-387m-j3p9-3php

Scores

CVSS v3 5.3

EPSS 0.0091

EPSS Percentile 75.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-204

Status published

Products (2)

nocodb/nocodb < 0.301.3

npm/nocodb 0 - 0.301.3npm

Published Mar 02, 2026

Tracked Since Mar 03, 2026