Vulnerability Description
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue() without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL. This issue has been patched in version 2.0.30.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nocobase | Nocobase | < 2.0.30 |
Related Weaknesses (CWE)
References
- https://github.com/nocobase/nocobase/commit/75da3dddc4aba739c398f7072725dcf7f548Patch
- https://github.com/nocobase/nocobase/releases/tag/v2.0.30ProductRelease Notes
- https://github.com/nocobase/nocobase/security/advisories/GHSA-vx58-fwwq-5g8jExploitMitigationVendor Advisory
- https://github.com/nocobase/nocobase/security/advisories/GHSA-vx58-fwwq-5g8jExploitMitigationVendor Advisory
FAQ
What is CVE-2026-34825?
CVE-2026-34825 is a vulnerability with a CVSS score of 6.5 (MEDIUM). NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables di...
How severe is CVE-2026-34825?
CVE-2026-34825 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34825?
Check the references section above for vendor advisories and patch information. Affected products include: Nocobase Nocobase.