CVE-2026-28358

MEDIUM

NocoDB <0.301.3 - Info Disclosure

Title source: llm

Description

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3.

References (2)

[Release Notes] https://github.com/nocodb/nocodb/releases/tag/0.301.3

[Vendor Advisory] https://github.com/nocodb/nocodb/security/advisories/GHSA-387m-j3p9-3php

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 11.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-204

Status published

Affected Products (2)

nocodb/nocodb < 0.301.3

npm/nocodb < 0.301.3npm

Timeline

Published Mar 02, 2026

Tracked Since Mar 03, 2026