CVE-2026-28358
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint return
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This issue has been patched in version 0.301.3.
MEDIUM · CVSS 5.3
EPSS 0.00599
Schedule remediation
- Public exploit or PoC is available
- SSVC automatable: yes - attacks can be scripted at scale
Sigma rules0
YARA rules0