{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-28360","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-02-26T18:38:13.891Z","datePublished":"2026-03-02T16:17:36.693Z","dateUpdated":"2026-03-03T16:01:21.017Z"},"containers":{"cna":{"title":"NocoDB: Plaintext Storage of Shared View Passwords","problemTypes":[{"descriptions":[{"cweId":"CWE-256","lang":"en","description":"CWE-256: Plaintext Storage of a Password","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":2.7,"baseSeverity":"LOW","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U","version":"4.0"}}],"references":[{"name":"https://github.com/nocodb/nocodb/security/advisories/GHSA-mpp2-x7wv-38hv","tags":["x_refsource_CONFIRM"],"url":"https://github.com/nocodb/nocodb/security/advisories/GHSA-mpp2-x7wv-38hv"},{"name":"https://github.com/nocodb/nocodb/releases/tag/0.301.3","tags":["x_refsource_MISC"],"url":"https://github.com/nocodb/nocodb/releases/tag/0.301.3"}],"affected":[{"vendor":"nocodb","product":"nocodb","versions":[{"version":"< 0.301.3","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-03-02T16:17:36.693Z"},"descriptions":[{"lang":"en","value":"NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3."}],"source":{"advisory":"GHSA-mpp2-x7wv-38hv","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-03T16:01:13.262139Z","id":"CVE-2026-28360","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-03T16:01:21.017Z"}}]}}