Loading market data...
← Back to CVE feed

CVE-2026-47378

UNKNOWN View on NVD ↗

Description

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on hidden columns enabling boolean-blind extraction, and the related-data list accepted arbitrary link-column IDs from other tables in the same base. This vulnerability is fixed in 2026.04.1.

Published: Jun 23, 2026 21:16 UTC Modified: Jun 23, 2026 21:16 UTC