CVE-2026-53930
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
NocoDB prior to version 2026.05.1 had a vulnerability in the base-migration endpoint that accepted a caller-supplied URL without enforcing protocol or destination. This allowed scheme abuse and probing of internal HTTP destinations.
Risk Assessment
Organizations may be exposed to attacks that exploit this vulnerability to access internal resources or to transmit data via unauthorized protocols.
Recommendation
It is recommended to update NocoDB to version 2026.05.1 or later to mitigate this vulnerability.
Original NVD description (English source)
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. This vulnerability is fixed in 2026.05.1.

