What is CVE-2026-46549?

CVE-2026-46549 is a low-severity vulnerability in Nocodb, classified under Incorrect Authorization. CVSS score: 2.0/10. Published 2026-06-23.

How severe is CVE-2026-46549?

Low severity. CVSS v3 base score is 2.0 out of 10.

Auth bypass in Nocodb

CVE-2026-46549

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware never consulted either. An OAuth token iss…

Vulnerability class: Broken Access Control

CVSS v3 metric

CVSS v3 base score 2.0 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N.

Affected products

Nocodb — versions < 2026.04.1

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-46549?: CVE-2026-46549 is a low-severity vulnerability in Nocodb, classified under Incorrect Authorization. CVSS score: 2.0/10. Published 2026-06-23.
How severe is CVE-2026-46549?: Low severity. CVSS v3 base score is 2.0 out of 10.