GHSA-xxpj-q764-9r6q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-xxpj-q764-9r6q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-xxpj-q764-9r6q/GHSA-xxpj-q764-9r6q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-xxpj-q764-9r6q
- Aliases
-
- CVE-2026-47388
- Published
- 2026-06-05T16:22:28Z
- Modified
- 2026-06-05T16:30:09.189707038Z
- Severity
-
- 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- NocoDB: Missing Ownership Check in MCP Attachment Read
- Details
-
Summary
A low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP
readAttachmenttool did not verify the file's ownership.Details
The MCP
readAttachmenttool accepts caller-suppliedpath/urlvalues and streams the file via the storage adapter. The handler now looks up the path innc_file_referencesand requires a non-deleted row whosebase_idmatches the caller's MCP context before streaming; otherwise it returnsAttachment is not accessible from this MCP context. The lookup tolerates bothdownload/uploads/...anduploads/...styles.Impact
Arbitrary read against shared storage scoped to attachments the caller's MCP context should not see. Exploitation requires an MCP token and a known attachment path.
Credit
This issue was reported by @helwor-01.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-639" ], "github_reviewed": true, "severity": "LOW", "github_reviewed_at": "2026-06-05T16:22:28Z" }- References
Affected packages
npm / nocodb
Package
- Name
- nocodb
- View open source insights on deps.dev
- Purl
- pkg:npm/nocodb