logo

Database

Improper authorization control for web services In nocodb

Description

NocoDB: Missing Ownership Check in MCP Attachment Read

Summary

A low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not verify the file's ownership.

Details

The MCP readAttachment tool accepts caller-supplied path/url values and streams the file via the storage adapter. The handler now looks up the path in nc_file_references and requires a non-deleted row whose base_id matches the caller's MCP context before streaming; otherwise it returns Attachment is not accessible from this MCP context. The lookup tolerates both download/uploads/... and uploads/... styles.

Impact

Arbitrary read against shared storage scoped to attachments the caller's MCP context should not see. Exploitation requires an MCP token and a known attachment path.

Credit

This issue was reported by @helwor-01.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-473882. NVD-2026-473883. OSV-2026-473884. GHSA-xxpj-q764-9r6q5. GCVE-2026-47388

References

1. https://github.com/nocodb/nocodb/security/advisories/GHSA-xxpj-q764-9r6q2. https://github.com/nocodb/nocodb/releases/tag/2026.05.1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.