Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-52888— NocoBase: Sensitive Data Exposure via SQL Blacklist Bypass

CVSS 6.8 · Medium EPSS 0.27% · P19

Affected Version Matrix 1

VendorProductVersion RangeStatus
nocobasenocobase< 2.1.0-alpha.46affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-52888

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
NocoBase: Sensitive Data Exposure via SQL Blacklist Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. In 2.0.59 and earlier, NocoBase @nocobase/plugin-collection-sql used the checkSQL() function in packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts with an incomplete keyword blacklist that did not restrict PostgreSQL system catalog tables such as pg_shadow, pg_roles, and pg_stat_activity, allowing an admin-role user to read password hashes and database metadata through the SQL Collection feature. This vulnerability is fixed in 2.1.0-alpha.46.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不完整的黑名单
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nocobase 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nocobase是NocoBase公司开源的一个低代码平台。 NocoBase 2.1.0-alpha.46之前版本存在安全漏洞,该漏洞源于SQL Collection功能的checkSQL()函数使用了不完整的关键词黑名单,未限制PostgreSQL系统目录表,允许admin角色用户读取密码哈希值和数据库元数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
nocobasenocobase < 2.1.0-alpha.46 -

II. Public POCs for CVE-2026-52888

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-52888

登录查看更多情报信息。

Patches & Fixes for CVE-2026-52888 (2)

Vendor Advisories for CVE-2026-52888 (1)

Same Patch Batch · nocobase · 2026-07-15 · 3 CVEs total

CVE-2026-5288710.0 CRITICALNocoBase: SQL injection in /api/myInAppChannels:list filter to PG-superuser RCE
CVE-2026-554106.7 MEDIUMNocoBase backup restore schema name allows command injection

IV. Related Vulnerabilities

V. Comments for CVE-2026-52888

No comments yet


Leave a comment