CVE-2026-28361
Improper Token Validation in NocoDB Allows Unauthorized MCP Access

Publication date: 2026-03-02

Last updated on: 2026-03-03

Assigner: GitHub, Inc.

Description
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This issue has been patched in version 0.301.3.
Meta Information
Published: 2026-03-02
Last Modified: 2026-03-03
Generated: 2026-06-16
AI Q&A: 2026-03-02
EPSS Evaluated: 2026-06-14
External references: NVD, EUVD
Affected Vendors & Products
Vendor: nocodb
Product: nocodb
Version / Range: all versions before 0.301.3 (0.301.3 itself is not affected)
CWE
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Executive Summary

CVE-2026-28361 is a vulnerability in the npm package nocodb, specifically in the MCP token service before version 0.301.3.

The issue occurs because the MCP token service methods (get(), regenerateToken(), and delete()) do not validate token ownership: they look tokens up by token ID alone and never filter on the requesting user's ID.

This means that a user with the Creator role within the same database base can read, regenerate, or delete another user's MCP tokens if they know the token ID.

This is an authorization bypass vulnerability classified under CWE-639, where authorization mechanisms fail to prevent access to another user's data by manipulating key identifiers.

The vulnerability was fixed in version 0.301.3 of nocodb. [1]

Impact Analysis

This vulnerability can allow a user with the Creator role to access, regenerate, or delete MCP tokens belonging to other users if they know the token ID.

The primary impacts include unauthorized disclosure of scoped tokens and potential denial of service by invalidating tokens.

However, the impact is somewhat limited because the attacker must have the Creator role and know the token ID.

Compliance Impact

No compliance impact information is available for this CVE.

Detection Guidance

This vulnerability involves the MCP token service in NocoDB versions prior to 0.301.3, where token ownership is not validated, allowing a Creator role user to access or manipulate other users' tokens if the token ID is known.

Detection would require monitoring or auditing MCP token operations such as get(), regenerateToken(), and delete() calls to see if tokens belonging to other users are being accessed or manipulated.

However, no specific commands or network detection methods are provided in the available resources. [1]

Mitigation Strategies

The primary mitigation step is to upgrade NocoDB to version 0.301.3 or later, where the vulnerability has been patched.

Since the vulnerability requires a user with Creator role and knowledge of token IDs, restricting Creator role assignments and protecting token IDs can also reduce risk.
