Scheme Abuse Vulnerability in NocoDB Database Software
CVE-2026-53930

5.1MEDIUM

Key Information:

Vendor: Nocodb
Status: Nocodb
Vendor: CVE Published:; 23 June 2026

What is CVE-2026-53930?

NocoDB, a tool for creating databases in a spreadsheet-like format, had a vulnerability in its base-migration endpoint prior to version 2026.05.1. This flaw allowed for the acceptance of user-supplied URLs which were dereferenced by the migration worker without proper validation of the protocol or destination. This could lead to scheme abuse, including the potential for file or FTP hijacking, as well as probing of internal HTTP destinations. The issue was addressed and resolved in the 2026.05.1 update, emphasizing the importance of keeping software versions up to date to mitigate such risks.

Affected Version(s)

nocodb < 2026.05.1

References

https://github.com/nocodb/nocodb/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2026
Vulnerability Reserved
Jun 11, 2026

CVE-2026-53930 Data

JSON

Nocodb

What is CVE-2026-53930?

Affected Version(s)

References

CVSS V4

Timeline