SSRF in Nocodb
CVE-2026-53927
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the spreadsheet-fetch endpoint (axiosRequestMake) accepted URLs whose path contained a permitted extension anywhere in the string, and applied a hand-rolled reg…
Vulnerability class: SSRF (Server-Side Request Forgery)
Affected products
- Nocodb — versions < 2026.05.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)