What is CVE-2026-24768?

A medium-severity unvalidated redirect vulnerability exists in NocoDB's login flow prior to version 0.301.0. This flaw allows attackers to redirect users to arbitrary external sites, increasing the risk of phishing attacks. Organizations should prioritize patching to mitigate this risk.

What is the severity of CVE-2026-24768?

CVE-2026-24768 has a severity rating of MEDIUM with a CVSS base score of 5.7.

CVE-2026-24768 | Medium Vulnerability in NocoDB

The vulnerability identified as CVE-2026-24768 affects NocoDB, a tool designed for building databases as spreadsheets. This medium-severity vulnerability arises from an unvalidated redirect in NocoDB's login flow, which has been present in all versions prior to 0.301.0. Specifically, the flaw is due to the lack of validation for the `continueAfterSignIn` parameter. During the authentication process, NocoDB accepts a user-controlled redirect value, allowing it to perform client-side navigation without imposing any restrictions on the destination’s origin, domain, or protocol.

As a result, attackers can redirect authenticated users to arbitrary external websites post-login. While this vulnerability does not directly compromise user credentials or bypass authentication, it significantly increases the risk of phishing attacks, exploiting user trust in the legitimate NocoDB login flow. The vulnerability undermines authentication integrity, making organizations more susceptible to social engineering attacks.

The severity of this vulnerability is reflected in its CVSS score of 5.7, categorized as medium. Organizations using NocoDB should prioritize patching to version 0.301.0, which addresses this issue and enhances the overall security posture of their applications. Immediate action is critical to prevent the exploitation of this vulnerability.

Currently, there are no public exploits confirmed for this vulnerability, and it is not listed in the KEV catalog. However, the potential for phishing attacks emphasizes the importance for organizations to remain vigilant and proactive in their security measures.

Vulnerability Details

The unvalidated redirect vulnerability allows attackers to exploit the login process of NocoDB by redirecting users to malicious sites. The vulnerability is classified under CWE-601, indicating an open redirect issue. The affected software versions include all NocoDB versions prior to 0.301.0.

Technical Analysis

The root cause of the vulnerability stems from the improper handling of the `continueAfterSignIn` parameter, which is not validated adequately. This oversight allows for the manipulation of the redirect URL, leading to potential phishing scenarios. The attack vector is network-based, with low complexity and low privileges required for exploitation. Importantly, no user interaction is needed for the attack to occur.

Risk & Impact Analysis

Risk to organizations includes increased vulnerability to phishing attacks that exploit user trust in legitimate login flows. The blast radius is significant as it affects all users of NocoDB versions prior to the patch. Organizations should assess the urgency of this vulnerability based on the CVSS score of 5.7, categorizing it as medium severity. Immediate action to patch the vulnerability is advisable.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability impacts all versions of NocoDB prior to version 0.301.0. Organizations using earlier versions should prioritize updating to the latest version to mitigate potential risks.

Mitigation & Remediation

Organizations should upgrade to NocoDB version 0.301.0 or later to resolve this vulnerability. If immediate patching is not feasible, consider implementing network controls to restrict access to NocoDB until the patch can be applied. Continuous monitoring for unusual authentication patterns can also help in identifying potential exploitation attempts.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor log indicators for any unusual redirect URLs after the login process. Behavioral anomalies such as unexpected redirects to external sites should also be flagged for investigation.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2026-24768 lies in its ability to facilitate phishing attacks through user trust manipulation. This highlights the need for security teams to implement robust validation checks on user inputs, particularly in authentication flows. Organizations are encouraged to adopt comprehensive security practices, such as regular penetration testing, to identify and mitigate similar vulnerabilities in their applications. For further insights, consider reviewing our guide on penetration testing methodology and the importance of a vulnerability management program to strengthen defenses against evolving threats.

Finally, organizations should stay informed about the latest trends in application security by following our cloud penetration testing guide and implementing regular security assessments to adapt to emerging vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-24768: Medium Vulnerability in NocoDB