PT-2026-5220 · Nocodb · Nocodb

Published 2026-01-28 · Updated 2026-01-29 · CVE-2026-24768

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.301.0

Description: An unvalidated redirect, specifically an open redirect, exists in NocoDB's login flow due to insufficient validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect value and navigates to the specified URL without restrictions on its origin, domain, or protocol. This allows attackers to redirect authenticated users to arbitrary external websites after login, potentially enabling phishing attacks by exploiting user trust in the legitimate NocoDB login process. The issue does not allow arbitrary code execution or privilege escalation, but it compromises authentication integrity.

The vulnerable component uses the regular expression /^(https?:)?\/\// to validate URLs, which permits any HTTP(S) URL as well as protocol-relative URLs (those beginning with //). The navigateTo() function then performs the redirection based on this validation. An attacker can craft a malicious login URL containing a controlled redirect target, such as https://victim-nocodb.example/#/signin?continueAfterSignIn=https://evil-phishing.com/fake-login, to redirect users to a phishing site after successful authentication.

Recommendations: Versions prior to 0.301.0 should be updated to version 0.301.0 or later.
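As an added illustration (not NocoDB's code, and not the project's actual fix), the permissive pattern described above is shown beside an allow-list check that accepts only same-origin, in-app paths; safeContinueTarget and appOrigin are hypothetical names:

```javascript
// Added example, not NocoDB's code. Contrasts the permissive check named in
// the advisory with a same-origin allow-list for continueAfterSignIn.

// Permissive check: any http(s) or protocol-relative target passes, so an
// external phishing host is accepted as a post-login destination.
const PERMISSIVE_REDIRECT_RE = /^(https?:)?\/\//;
function permissiveAccepts(target) {
  return PERMISSIVE_REDIRECT_RE.test(target);
}

// Hardened check (hypothetical helper): accept only an absolute in-app path,
// resolve it against the application's own origin and confirm the origin did
// not change. Returns the normalised path to navigate to, or null to fall
// back to a default landing page.
function safeContinueTarget(target, appOrigin) {
  if (typeof target !== 'string' || target.length === 0) return null;
  // Must start with exactly one "/", not "//" (protocol-relative) or "/\"
  // (which WHATWG URL parsing treats like "//").
  if (!/^\/(?![\/\\])/.test(target)) return null;
  // Reject control characters and whitespace that lenient parsers strip.
  if (/[\u0000-\u001f\s]/.test(target)) return null;
  let url;
  try {
    url = new URL(target, appOrigin);
  } catch {
    return null;
  }
  if (url.origin !== new URL(appOrigin).origin) return null;
  return url.pathname + url.search + url.hash;
}

// Usage with the advisory's example target (constructed values).
const APP = 'https://victim-nocodb.example';
const EXTERNAL = 'https://evil-phishing.com/fake-login';
console.log(permissiveAccepts(EXTERNAL));        // true: external host accepted
console.log(safeContinueTarget(EXTERNAL, APP));  // null: rejected
console.log(safeContinueTarget('/dashboard/#/nc/p1', APP)); // "/dashboard/#/nc/p1"
```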

Exploit

Fix

LPE

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2026-24768
GHSA-3HMW-8MW3-RMPJ

Affected Products

Nocodb