Timing Attack Vulnerability in NocoDB Software
CVE-2026-47379

6.9MEDIUM

Key Information:

Vendor: Nocodb
Status: Nocodb
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-47379?

NocoDB, a platform designed for building databases with spreadsheet-like functionality, was found to have a vulnerability related to its shared-view password management. Versions prior to 2026.05.1 utilized a strict-equality comparison method for validating legacy plaintext passwords. This flaw allowed attackers to exploit timing differences in password checks, revealing critical information such as the length of the password and its initial characters based on the response time. The issue has been resolved in version 2026.05.1 to enhance password security.

Affected Version(s)

nocodb < 2026.05.1

References

https://github.com/nocodb/nocodb/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
May 19, 2026

CVE-2026-47379 Data

JSON

Nocodb

What is CVE-2026-47379?

Affected Version(s)

References

CVSS V4

Timeline