What is the CVSS score of CVE-2026-24768?

CVE-2026-24768 has a CVSS 3.1 base score of 6.1 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Open Redirect are affected by CVE-2026-24768?

Organizations using NocoDB should be aware of moderate risk from CVE-2026-24768 rated CVSS 6.1. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2026-24768?

Yes, a public proof-of-concept exploit is available for CVE-2026-24768. Prioritise patching immediately. EPSS: 0.0%.

Open Redirect CVE-2026-24768

MEDIUM

URL Redirection to Untrusted Site (Open Redirect) (CWE-601)

2026-01-28 security-advisories@github.com

GHSA-3hmw-8mw3-rmpj

Privilege Escalation Authentication Bypass Open Redirect Nocodb

6.1

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.1 MEDIUM

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 04, 2026 - 20:04 vuln.today

Public exploit code

CVE Published

Jan 28, 2026 - 21:16 nvd

MEDIUM 6.1

DescriptionGitHub Advisory

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect value and conditionally performs client-side navigation without enforcing any restrictions on the destination’s origin, domain or protocol. This allows attackers to redirect authenticated users to arbitrary external websites after login. This vulnerability enables phishing attacks by leveraging user trust in the legitimate NocoDB login flow. While it does not directly expose credentials or bypass authentication, it increases the likelihood of credential theft through social engineering. The issue does not allow arbitrary code execution or privilege escalation, but it undermines authentication integrity. Version 0.301.0 fixes the issue.

AnalysisAI

NocoDB versions prior to 0.301.0 contain an open redirect vulnerability in the login flow where the continueAfterSignIn parameter is not validated, allowing attackers to redirect authenticated users to arbitrary external websites. Public exploit code exists for this vulnerability, which enables phishing attacks by abusing user trust in the legitimate login process to facilitate credential theft through social engineering. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	CVSS 6.1 (MEDIUM). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker (requires authentication) could exploit this vulnerability to redirect authenticated users to arbitrary external websites after login.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-53523 MEDIUM This Month

6.8 Jun 12

Host header injection in Nezha Monitoring versions 1.0.0 through 2.2.0 allows unauthenticated remote attackers to redire

CVE-2026-45566 MEDIUM This Month

6.1 Jun 10

Open redirect in Roxy-WI versions 8.2.6.4 and prior allows unauthenticated remote attackers to silently redirect authent

CVE-2026-50089 MEDIUM This Month

6.1 Jun 12

Open redirect in the Aqara IAM/SSO Gateway (gw-builder.aqara.com) allows remote unauthenticated attackers to craft Aqara

CVE-2026-10837 MEDIUM This Month

5.1 Jun 17

Open redirection in Password Manager exposes users to phishing attacks by failing to validate the X-Forwarded-Host HTTP

CVE-2026-10839 MEDIUM This Month