File Size Limit Bypass in NocoDB Software by NocoDB Inc.
CVE-2026-46553

2.1LOW

Key Information:

Vendor: Nocodb
Status: Nocodb
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-46553?

NocoDB allows users to build databases in a spreadsheet format. Before version 2026.04.1, a vulnerability existed where the upload-by-URL functionality did not properly enforce the file size restrictions based on the Content-Length of remote files or the size of data URIs. This flaw enabled authenticated users to upload files exceeding the intended size limits, potentially compromising data integrity and system stability. The vulnerability has been addressed in the latest release, ensuring that file size constraints are enforced correctly.

Affected Version(s)

nocodb < 2026.04.1

References

https://github.com/nocodb/nocodb/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
May 14, 2026

CVE-2026-46553 Data

JSON

Nocodb

What is CVE-2026-46553?

Affected Version(s)

References

CVSS V4

Timeline