Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-211r-tabk-6fg2
Vulnerability ID VCID-211r-tabk-6fg2
Aliases CVE-2026-46553
GHSA-8rwr-f68v-cvw6
Summary NocoDB: Attachment Size Limit Bypass via Upload-by-URL
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2026-46553
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2026-46553
cvssv3.1_qr LOW https://github.com/advisories/GHSA-8rwr-f68v-cvw6
cvssv4 2.1 https://github.com/nocodb/nocodb
generic_textual LOW https://github.com/nocodb/nocodb
cvssv3.1_qr LOW https://github.com/nocodb/nocodb/security/advisories/GHSA-8rwr-f68v-cvw6
cvssv4 2.1 https://github.com/nocodb/nocodb/security/advisories/GHSA-8rwr-f68v-cvw6
generic_textual LOW https://github.com/nocodb/nocodb/security/advisories/GHSA-8rwr-f68v-cvw6
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2026-46553
https://github.com/nocodb/nocodb
GHSA-8rwr-f68v-cvw6 https://github.com/advisories/GHSA-8rwr-f68v-cvw6
GHSA-8rwr-f68v-cvw6 https://github.com/nocodb/nocodb/security/advisories/GHSA-8rwr-f68v-cvw6
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P Found at https://github.com/nocodb/nocodb
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P Found at https://github.com/nocodb/nocodb/security/advisories/GHSA-8rwr-f68v-cvw6
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.15031
EPSS Score 0.00047
Published At June 12, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:38:47.945153+00:00 GHSA Importer Import https://github.com/advisories/GHSA-8rwr-f68v-cvw6 38.6.0