PostgreSQL
CVE-2026-40346
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost.
Vulnerable Code
1. Workflow HTTP Request Plugin
packages/plugins/@nocobase/plugin-workflow-request/src/server/RequestInstruction.ts lines 117-128:
return axios.request({
url: trim(url), // User-controlled, no validation
method,
headers,
params,
timeout,
...(method.toLowerCase() !== 'get' && data != null
? { data: transformer ? await transformer(data) : data }
: {}),
});The url at line 98 comes directly from user workflow configuration with only whitespace trimming.
2. Custom Request Action Plugin
packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts lines 172-198:
const axiosRequestConfig = {
baseURL: ctx.origin,
...options,
url: getParsedValue(url, variables), // User-controlled via template
headers: { ... },
params: getParsedValue(arrayToObject(params), variables),
data: getParsedValue(toJSON(data), variables),
};
const res = await axios(axiosRequestConfig); // No IP validationMissing Protections
- No
request-filtering-agentor SSRF library (confirmed via grep across entire codebase) - No private IP range filtering
- No cloud metadata endpoint blocking
- No URL scheme validation
- No DNS rebinding protection
Attack Scenario
- Authenticated user creates a workflow with HTTP Request node
- Sets URL to
http://169.254.169.254/latest/meta-data/iam/security-credentials/ - Triggers the workflow
- Server fetches AWS metadata and returns IAM credentials in workflow execution logs
Alternatively via Custom Request action:
- Create custom request with URL
http://127.0.0.1:5432orhttp://10.0.0.1:8080/admin - Execute the action
- Server makes request to internal service
Impact
- Cloud metadata theft: AWS/GCP/Azure credentials via metadata endpoints
- Internal network access: Scan and interact with services on private IP ranges
- Database access: Connect to localhost databases (PostgreSQL, Redis, etc.)
- Authentication required: Yes (authenticated user), but any workspace member can create workflows
Analysis
Summary
NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost.
Vulnerable Code
1. Workflow HTTP Request Plugin
packages/plugins/@nocobase/plugin-workflow-request/src/server/RequestInstruction.ts lines 117-128:
return axios.request({
url: trim(url), // User-controlled, no validation
method,
headers,
params,
timeout,
...(method.toLowerCase() !== 'get' && data != null
? { data: transformer ? await transformer(data) : data }
: {}),
});The url at line 98 comes directly from user workflow configuration with only whitespace trimming.
2. Custom Request Action Plugin
packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts lines 172-198:
const axiosRequestConfig = {
baseURL: ctx.origin,
...options,
url: getParsedValue(url, variables), // User-controlled via template
headers: { ... },
params: getParsedValue(arrayToObject(params), variables),
data: getParsedValue(toJSON(data), variables),
};
const res = await axios(axiosRequestConfig); // No IP validationMissing Protections
- No
request-filtering-agentor SSRF library (confirmed via grep across entire codebase) - No private IP range filtering
- No cloud metadata endpoint blocking
- No URL scheme validation
- No DNS rebinding protection
Attack Scenario
- Authenticated user creates a workflow with HTTP Request node
- Sets URL to
http://169.254.169.254/latest/meta-data/iam/security-credentials/ - Triggers the workflow
- Server fetches AWS metadata and returns IAM credentials in workflow execution logs
Alternatively via Custom Request action:
- Create custom request with URL
http://127.0.0.1:5432orhttp://10.0.0.1:8080/admin - Execute the action
- Server makes request to internal service
Impact
- Cloud metadata theft: AWS/GCP/Azure credentials via metadata endpoints
- Internal network access: Scan and interact with services on private IP ranges
- Database access: Connect to localhost databases (PostgreSQL, Redis, etc.)
- Authentication required: Yes (authenticated user), but any workspace member can create workflows
More in PostgreSQL
View allPostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperl
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows re
Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allow
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate t
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitra
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve
## Summary An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query strin
Parse Server is an open source http web server backend. Rated critical severity (CVSS 10.0), this vulnerability is remot
Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al
A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-mvvv-v22x-xqwp