| Summary | NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check matched any base in any workspace. This vulnerability is fixed in 2026.05.1. |
|---|---|
| Publication Date | June 24, 2026, 6:16 a.m. |
| Registration Date | June 27, 2026, 4:16 a.m. |
| Last Update | June 25, 2026, 11:21 p.m. |