SSRF in Nocodb
CVE-2026-53930
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abu…
Vulnerability class: SSRF (Server-Side Request Forgery)
Affected products
- Nocodb — versions < 2026.05.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)