PT-2026-22635 · Nocodb · Nocodb

Bugbunny-Research · Published 2026-03-02 · Updated 2026-03-03 · CVE-2026-28398

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.301.3
Description: NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored cross-site scripting (XSS). User-supplied content is not sanitized before it is rendered as HTML, so script embedded in a comment or rich text cell can execute in the browser of any user who views it.
Recommendations: Update to version 0.301.3 or later.
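The defensive pattern behind the fix is to sanitize user content before it reaches a raw-HTML sink such as v-html. The following is an added JavaScript example, not NocoDB's own code or its actual patch, of an allowlist sanitizer that could sit in front of such a sink; the tag and attribute allowlists and the function names are assumptions chosen for illustration.

```javascript
// Allowlist sanitizer to run on comment / rich-text HTML before it reaches
// a raw-HTML sink such as Vue's v-html. Hypothetical code, not NocoDB's fix.
// The allowed tag and attribute sets below are assumptions for the example.
const ALLOWED_TAGS = new Set(["p", "br", "b", "i", "em", "strong", "code", "ul", "ol", "li", "a"]);
const ALLOWED_ATTRS = { a: new Set(["href"]) };

// Tokens: an opening/closing tag, a run of text, or a stray "<".
const TOKEN_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)([^>]*)>|[^<]+|</g;
// name="value", name='value' or name=value inside a tag.
const ATTR_RE = /([a-zA-Z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Only http(s) and mailto links survive; javascript:, data:, vbscript: do not.
function safeHref(url) {
  return /^(https?:|mailto:)/i.test(url.trim());
}

function sanitizeHtml(html) {
  let out = "";
  for (const m of html.matchAll(TOKEN_RE)) {
    const [tok, name, rawAttrs] = m;
    if (name === undefined) { out += escapeText(tok); continue; } // text or stray "<"
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue;          // <script>, <img>, <svg>, <style>... are dropped
    if (tok.startsWith("</")) { out += `</${tag}>`; continue; }
    let attrs = "";
    for (const a of rawAttrs.matchAll(ATTR_RE)) {
      const an = a[1].toLowerCase();
      const av = a[2] ?? a[3] ?? a[4] ?? "";
      if (!ALLOWED_ATTRS[tag]?.has(an)) continue;  // every on* handler, style, src... is dropped
      if (an === "href" && !safeHref(av)) continue;
      attrs += ` ${an}="${escapeText(av)}"`;
    }
    if (tag === "a") attrs += ' rel="noopener noreferrer"';
    out += `<${tag}${attrs}>`;
  }
  return out;
}

// In a Vue template the sink would then be <div v-html="sanitizeHtml(comment)"> rather
// than <div v-html="comment">; text inside dropped tags is kept but escaped, so it is inert.
```

Text content of disallowed elements is preserved as escaped text rather than silently removed, which keeps the rendered comment readable while removing anything the browser would execute.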

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-28398
GHSA-8VM4-G489-V3W7

Affected Products

Nocodb