Open Redirect in NocoDB

CVE-2026-47377

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the client-side hashRedirect plugin called window.location.replace() on a path extracted from the URL hash fragment after only checking hashPath.startsWith('/')…
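A leading-slash check like the one described above also accepts values such as `//host`, which browsers resolve as a protocol-relative URL on another origin. The following is an added example, not NocoDB's code or its actual fix; `APP_ORIGIN`, `weakIsSafe`, `safeRedirectTarget` and the sample inputs are hypothetical names and constructed values used to contrast that check with a same-origin validation.

```javascript
// Added example with constructed names; this is not NocoDB source code.
const APP_ORIGIN = 'https://app.example.test'; // placeholder origin (assumption)

// The check the advisory describes: a leading '/' is the only requirement.
function weakIsSafe(hashPath) {
  return hashPath.startsWith('/');
}

// Hardened check: returns a same-origin relative path, or null to refuse.
function safeRedirectTarget(hashPath, origin = APP_ORIGIN) {
  if (typeof hashPath !== 'string' || !hashPath.startsWith('/')) return null;
  // '//' and '/\' prefixes are parsed as the start of a host, not a path.
  if (/^\/[/\\]/.test(hashPath)) return null;
  // URL parsers strip tab/CR/LF, so "/\t/host" would turn into "//host".
  if (/[\u0000-\u001f\u007f]/.test(hashPath)) return null;
  let url;
  try {
    url = new URL(hashPath, origin);
  } catch {
    return null;
  }
  // Final gate: the resolved URL must stay on the application's own origin.
  if (url.origin !== new URL(origin).origin) return null;
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs: one in-app path and three off-origin forms.
const SAMPLES = ['/dashboard?tab=1', '//other.example.test/x',
                 '/\\other.example.test/x', '/\t/other.example.test/x'];

function compare(samples = SAMPLES) {
  return samples.map((p) => ({
    input: JSON.stringify(p),
    weak: weakIsSafe(p),
    hardened: safeRedirectTarget(p),
  }));
}

console.table(compare());
```

A caller would pass the result to window.location.replace() only when the function returns a non-null path.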

Vulnerability class: Open Redirect

Affected products

  • NocoDB — versions < 2026.04.1

Weakness classification (CWE)

References