cve.akaoma.com
Critical SQL Injection Vulnerability in NocoBase (CVE-2026-52887)
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
CVE-2026-52887 is a critical SQL injection vulnerability affecting NocoBase, an AI-powered no-code/low-code platform. The flaw allows unauthenticated remote attackers to execute arbitrary SQL queries via the `latestMsgReceiveTimestamp` parameter in the `/api/myInAppChannels` endpoint. This vulnerability, which has a CVSS score of 10, could lead to unauthorized access, modification, or deletion of database contents. Currently, there is no evidence of public proof-of-concept or active exploitation. Users are advised to upgrade NocoBase to version 2.0.61 or later and implement input validation and parameterized queries to mitigate the risk. The vulnerability was published on July 15, 2026, and is categorized under CWE-89 for improper neutralization of special elements used in SQL commands.
Key Points: • CVE-2026-52887 is a critical SQL injection vulnerability with a CVSS score of 10. • Unauthenticated attackers can exploit this flaw to execute arbitrary SQL queries remotely. • Immediate upgrade to NocoBase version 2.0.61 or later is recommended to mitigate risks.