OAuth Token Management Flaw in NocoDB Affects User Security
CVE-2026-53926

6.3MEDIUM

Key Information:

Vendor: Nocodb
Status: Nocodb
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-53926?

In NocoDB, prior to version 2026.05.1, an issue exists in the user service where the function responsible for revoking OAuth tokens does not execute properly during password changes, resets, or recoveries. This leads to a situation where attackers can maintain unauthorized access through their OAuth grants even after a user has attempted to secure their account. As a result, proper token revocation was not performed, potentially exposing users to significant security risks. This vulnerability has been addressed in version 2026.05.1.

Affected Version(s)

nocodb < 2026.05.1

References

https://github.com/nocodb/nocodb/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
Jun 11, 2026

CVE-2026-53926 Data

JSON

Nocodb

What is CVE-2026-53926?

Affected Version(s)

References

CVSS V4

Timeline