CVE-2026-28360

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-28360

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28360.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-28360

Aliases

GHSA-mpp2-x7wv-38hv

Published

2026-03-02T16:17:36.693Z

Modified

2026-03-03T02:57:14.398554Z

Severity

2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator

Summary

NocoDB: Plaintext Storage of Shared View Passwords

Details

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3.

Database specific

{
    "cwe_ids": [
        "CWE-256"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/28xxx/CVE-2026-28360.json"
}

References

Affected packages

Git / github.com/nocodb/nocodb

Affected ranges

Type

GIT

Repo

https://github.com/nocodb/nocodb

Events

Introduced

Fixed

391834484b11c429e4ff5677538b3b2f16ca510d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.301.3"
        }
    ]
}

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.10.6

0.100.0

0.100.1

0.100.2

0.101.0

0.101.0-beta.0

0.101.2

0.104.1

0.104.2

0.104.3

0.105.0

0.105.1

0.105.2

0.105.3

0.106.0

0.106.0-beta.0

0.106.0-beta.1

0.106.1

0.107.0

0.107.0-beta.0

0.107.0-beta.1

0.107.1

0.107.2

0.107.3

0.107.4

0.107.5

0.108.0

0.108.0-beta.0

0.108.1

0.109.0

0.109.1

0.109.2

0.109.3

0.109.4

0.109.5

0.109.6

0.109.7

0.11.0

0.11.1

0.11.10

0.11.11

0.11.12

0.11.14

0.11.15

0.11.16

0.11.17

0.11.18

0.11.19

0.11.20

0.11.21

0.11.22

0.11.23

0.11.24

0.11.25

0.11.26

0.11.28

0.11.29

0.11.3

0.11.30

0.11.31

0.11.32

0.11.33

0.11.34

0.11.36

0.11.39

0.11.4

0.11.40

0.11.41

0.11.42

0.11.43

0.11.44

0.11.45

0.11.46

0.11.5

0.11.6

0.11.7

0.11.9

0.111.0

0.111.1

0.111.2

0.111.3

0.111.4

0.200.0

0.202.0

0.202.10

0.202.4

0.202.5

0.202.6

0.202.7

0.202.8

0.202.9

0.203.0

0.203.1

0.203.2

0.204.0

0.204.1

0.204.2

0.204.3

0.204.4

0.204.5

0.204.6

0.204.7

0.204.8

0.204.9

0.205.0

0.205.1

0.207.0

0.207.1

0.207.2

0.207.3

0.250.0

0.250.1

0.250.2

0.251.0

0.251.1

0.251.2

0.251.3

0.252.0

0.253.0

0.255.0

0.255.1

0.255.2

0.256.0

0.257.0

0.257.2

0.258.0

0.258.1

0.258.10

0.258.11

0.258.2

0.258.3

0.260.0

0.260.1

0.260.2

0.260.3

0.260.4

0.260.5

0.260.6

0.260.7

0.261.0

0.262.0

0.262.1

0.262.2

0.262.3

0.262.4

0.262.5

0.263.0

0.263.1

0.263.2

0.263.3

0.263.4

0.263.6

0.263.7

0.263.8

0.264.0

0.264.1

0.264.2

0.264.3

0.264.4

0.264.6

0.264.7

0.264.8

0.264.9

0.265.0

0.265.1

0.300.0

0.301.0

0.301.1

0.301.2

0.4.5

0.4.8

0.4.9

0.80.0

0.81.0

0.81.1

0.82.0

0.83.0

0.83.1

0.83.2

0.83.3

0.83.4

0.83.5

0.83.6

0.83.8

0.84.1

0.84.10

0.84.12

0.84.13

0.84.14

0.84.15

0.84.16

0.84.2

0.84.3

0.84.6

0.84.7

0.84.8

0.84.9

0.9

0.90.0

0.90.1

0.90.10

0.90.11

0.90.2

0.90.3

0.90.4

0.90.5

0.90.7

0.90.8

0.90.9

0.91.0

0.91.1

0.91.10

0.91.6

0.91.7

0.91.8

0.91.9

0.92.0

0.92.1

0.92.2

0.92.3

0.92.4

0.96.0

0.96.1

0.96.2

0.96.4

0.97.0

0.98.1

0.98.2

0.98.3

0.98.4

0.99.0

0.99.1

0.99.2

v0.*

v0.10.0

v0.4.2

v0.4.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28360.json"