Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41640 |
|
SQL Injection in @nocobase/database (CVE-2026-41640)
SQL injection in @nocobase/database (CVE-2026-41640). Successful exploitation can lead to full system takeover. Exploitable via ``nodeIds``. Mitigation: upgrade to `2.0.39` or later.
|
| CVE-2026-40346 |
|
SSRF (Server-Side Request Forgery) in @nocobase/plugin-workflow-request (CVE-2026-40346)
SSRF in @nocobase/plugin-workflow-request (CVE-2026-40346). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `2.0.37` or later.
|