CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-24768: The 'Continue' to Nowhere: Breaking NocoDB's Login Flow


Vulnerability ID: CVE-2026-24768
CVSS Score: 5.7
Published: 2026-01-28

An Open Redirect vulnerability in NocoDB allows attackers to hijack the post-login redirection flow. By manipulating the 'continueAfterSignIn' parameter, threat actors can seamlessly bounce authenticated users from a legitimate NocoDB instance to a malicious phishing domain, leveraging the user's trust in the platform to harvest credentials.

TL;DR

NocoDB trusted a simple regex to validate the post-login redirect target. It failed. An attacker who gets a victim to open a crafted sign-in link with the continueAfterSignIn parameter set to an external site can send the victim there the moment they enter their credentials, which turns a trusted login page into a launchpad for phishing campaigns. Fixed in version 0.301.0.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-601 (Open Redirect)
  • CVSS 4.0: 5.7 (Medium)
  • Attack Vector: Network
  • Privileges Required: Low (the redirect only fires after a successful sign-in, so the victim must hold a valid account on the instance)
  • User Interaction: None per the published vector (the redirect is automatic once the user logs in; the victim does still have to reach the sign-in page through the attacker's crafted link)
  • Exploit Status: PoC Available / Trivial

Affected Systems

  • NocoDB < 0.301.0 (fixed in 0.301.0)

Code Analysis

Commit: 6befda4

Fix: Open Redirect vulnerability in login flow

Diff not reproduced in this post; see the commit on GitHub.

Exploit Details

  • Manual Analysis: The attacker crafts a link to the NocoDB sign-in endpoint with a continueAfterSignIn parameter whose value is an external URL (for example, https://<nocodb-host>/signin?continueAfterSignIn=https://example.com). Once the victim signs in, the application forwards them to that URL instead of keeping them on the instance.

Mitigation Strategies

  • Upgrade NocoDB to version 0.301.0 or later.
  • Implement strict input validation on the continueAfterSignIn parameter: parse the value against the instance's own origin and only honour targets that resolve to that origin, rather than pattern-matching the raw string.
  • Use Web Application Firewall (WAF) rules to block external URLs in redirect parameters, as a stopgap only; a WAF regex is exposed to the same bypasses (protocol-relative //host, backslashes, percent-encoding) as the original check, so it does not replace the upgrade.
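The crafted-link attack above and the validation fix are easiest to see side by side. The TypeScript below is an added example, not NocoDB's code and not the patch in commit 6befda4: weakRegexCheck is a hypothetical stand-in for the kind of regex the advisory says was trusted, resolveContinueUrl is a hardened replacement, and the hosts nocodb.example and evil.example are assumed.

```typescript
// Added example (not NocoDB's code, not the fix in commit 6befda4).
// "nocodb.example" and "evil.example" are assumed/constructed hosts.

// Hypothetical regex check of the kind the advisory describes: it only asks
// "does the target start with a slash?" and so cannot tell a same-site path
// from a protocol-relative URL such as //evil.example/phish.
function weakRegexCheck(target: string): boolean {
  return /^\/\S*$/.test(target);
}

// Hardened version: resolve the value against our own origin with the WHATWG
// URL parser, require the result to stay on that origin, and hand the client
// the re-serialised absolute URL instead of echoing the raw string back.
function resolveContinueUrl(
  raw: string | null | undefined,
  ownOrigin: string,
): string {
  const own = new URL(ownOrigin);
  const fallback = own.origin + "/"; // default landing page on our own origin
  if (!raw) return fallback;
  let parsed: URL;
  try {
    parsed = new URL(raw, own.href);
  } catch {
    return fallback; // unparseable input: send the user to the default page
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return fallback; // javascript:, data: and friends are never a valid target
  }
  if (parsed.origin !== own.origin) {
    return fallback; // //host, https://host and /\host all resolve to a foreign origin
  }
  return parsed.href; // absolute and same-origin, safe to redirect to
}

const NOCODB_ORIGIN = "https://nocodb.example"; // assumed instance URL

// Constructed sample inputs: one legitimate path and four attacker variants.
const SAMPLES: string[] = [
  "/dashboard?x=1#/nc/p1",
  "//evil.example/phish",
  "/\\evil.example/phish",
  "https://evil.example/login",
  "javascript:alert(1)",
];

// Runs both checks over the samples and returns one row per input.
function compare(origin: string = NOCODB_ORIGIN) {
  return SAMPLES.map((s) => ({
    input: s,
    weakAccepts: weakRegexCheck(s),
    hardenedTarget: resolveContinueUrl(s, origin),
  }));
}

for (const row of compare()) console.log(row);
```

The printed table shows the weak check accepting both the protocol-relative and the backslash variants, which the WHATWG parser resolves to evil.example, while the hardened resolver returns the instance's own origin for every foreign target and passes the legitimate dashboard path through unchanged. A WAF rule written as a regex over the raw parameter has the same blind spots as weakRegexCheck, which is why the validation belongs in the application.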

Remediation Steps:

  1. Identify the running version of NocoDB and confirm it is below 0.301.0.
  2. Back up your data (SQLite, MySQL, or PostgreSQL) before upgrading.
  3. Pull a fixed image: docker pull nocodb/nocodb:latest, or pin a tag of 0.301.0 or later.
  4. Recreate the container from the new image (a plain restart keeps running the old image).
  5. Verify the fix by signing in through /signin?continueAfterSignIn=https://example.com: a patched instance keeps you on the NocoDB origin rather than sending you to example.com.

Read the full report for CVE-2026-24768 on our website for more details including interactive diagrams and full exploit analysis.
