CVE-2026-47381

Description

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1.

References

• https://github.com/nocodb/nocodb/security/advisories/GHSA-96fh-m4r8-6v9v