Remote Code Execution Risk in NocoDB Database Software
CVE-2026-47382

5.3MEDIUM

Key Information:

Vendor: Nocodb
Status: Nocodb
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-47382?

NocoDB prior to version 2026.05.1 contains a vulnerability that exposes the connection-test endpoint, enabling unauthorized raw TCP socket connections to user-supplied database hosts. This flaw allows malicious actors to bypass destination resolution and range-checking, potentially connecting to private and link-local addresses, including localhost. The issue has been addressed in version 2026.05.1.

Affected Version(s)

nocodb < 2026.05.1

References

https://github.com/nocodb/nocodb/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
May 19, 2026

CVE-2026-47382 Data

JSON

Nocodb

What is CVE-2026-47382?

Affected Version(s)

References

CVSS V4

Timeline