Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Unauthenticated network vector with trivial bypass; scope changes as internal services outside NocoDB's security domain yield high confidentiality impact with no integrity or availability effect.
Primary rating from Vendor (https://github.com/nocodb/nocodb).
CVSS VectorVendor: https://github.com/nocodb/nocodb
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Summary
The spreadsheet-import endpoint axiosRequestMake could be used as a generic HTTP proxy. Before the fix it was reachable unauthenticated, and its URL-extension allowlist was a regex tested against the full URL string, so URLs whose query string ended in .csv (for example https://example.com/robots.txt?.csv) satisfied the gate even though the underlying request was for robots.txt.
Details
Three layers of protection now apply to the endpoint:
- The controller is decorated with
@UseGuards(DataApiLimiterGuard, GlobalGuard)
and @Acl('fetchViaUrl'), so unauthenticated callers and callers without the editor role are rejected before the request body is processed.
- The extension allowlist is tested against
url.pathnameonly. Callers can
no longer satisfy the regex by appending a .csv suffix to the query string.
- The downstream axios call is wired to
useAgent(url)from
request-filtering-agent, which blocks RFC 1918, loopback, link-local, and other private destinations at the socket layer.
Impact
Unauthenticated callers could previously coerce the NocoDB process to issue HTTP requests on their behalf, including to internal services reachable from the host. With the auth gate in place and the pathname-anchored extension check combined with socket-layer destination filtering, the endpoint is no longer usable as a generic proxy and can no longer reach private ranges.
Credit
This issue was reported by the GitHub Security Lab (@p-, @m-y-mo).
AnalysisAI
Server-Side Request Forgery in NocoDB (npm/nocodb <= 0.301.3) allowed unauthenticated remote attackers to coerce the NocoDB server process into issuing arbitrary outbound HTTP requests, including to RFC 1918 internal services, cloud metadata endpoints, and loopback addresses. The attack exploited two compounding weaknesses: the spreadsheet-import endpoint axiosRequestMake required no authentication, and its file-extension allowlist regex was evaluated against the full URL string rather than the pathname alone, making bypass trivial by appending ?.csv to any URL's query string. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network-reachable access to a NocoDB instance running version 0.301.3 or earlier. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS vector or EPSS score is present in the available data, so quantitative risk metrics are inferred. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated external attacker sends a POST request to NocoDB's spreadsheet-import API endpoint with a payload containing the URL `http://169.254.169.254/latest/meta-data/iam/security-credentials/my-role?.csv`; the query-string `.csv` suffix satisfies the extension allowlist regex, and the NocoDB server fetches the AWS instance metadata endpoint and returns the temporary IAM credential JSON in the response body. No prior account, session, or knowledge of internal hostnames beyond the cloud metadata address is required. |
| Remediation | No confirmed patched npm release version is available in the input data; the advisory records 'None' as the fixed version, which may indicate that the source-level fix (described in GHSA-hmcr-rmjq-47qr as adding `@UseGuards(DataApiLimiterGuard, GlobalGuard)`, `@Acl('fetchViaUrl')`, pathname-anchored extension checks, and `request-filtering-agent` socket filtering) has not yet been published to the npm registry as of this analysis. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38600
GHSA-hmcr-rmjq-47qr