CVE-2026-28361 Overview
CVE-2026-28361 is an authorization bypass vulnerability in NocoDB, a popular open-source platform for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service failed to validate token ownership, enabling a Creator within the same base to read, regenerate, or delete another user's MCP tokens if the token ID was known. This vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key).
Critical Impact
Authenticated users with Creator role can access, modify, or delete other users' MCP tokens within the same base, potentially leading to unauthorized access to integrated services and data exposure.
Affected Products
- NocoDB versions prior to 0.301.3
- All NocoDB installations with MCP token functionality enabled
- Multi-user NocoDB deployments with Creator-level access
Discovery Timeline
- 2026-03-02 - CVE-2026-28361 published to NVD
- 2026-03-03 - Last updated in NVD database
Technical Details for CVE-2026-28361
Vulnerability Analysis
This vulnerability stems from an Insecure Direct Object Reference (IDOR) issue within the MCP token service. The application fails to properly verify that the requesting user owns the token they are attempting to access. When a Creator within a base sends a request targeting another user's MCP token, the service processes the request without validating token ownership, granting unauthorized access to sensitive token data.
The attack requires the attacker to know or enumerate valid token IDs belonging to other users. Once a valid token ID is obtained, the attacker can perform read, regenerate, or delete operations on that token, effectively compromising the victim's MCP integrations.
Root Cause
The root cause is insufficient authorization checks in the MCP token service endpoint handlers. The service validates that the requester has Creator privileges within the base but fails to verify that the specified token ID belongs to the requesting user. This creates a horizontal privilege escalation scenario where users at the same privilege level can access each other's resources.
Attack Vector
The vulnerability is exploitable over the network by authenticated users with Creator role access. An attacker would need to:
- Authenticate to the NocoDB instance with Creator-level privileges
- Identify or enumerate valid MCP token IDs belonging to other users in the same base
- Send API requests targeting those token IDs to read, regenerate, or delete the tokens
The attack does not require user interaction and can be performed with low complexity. While the attacker needs valid credentials and Creator role access, the vulnerability allows them to exceed their intended authorization scope.
No verified code examples are available for this vulnerability. The exploitation mechanics amount to API requests to the MCP token service endpoints that name another user's token ID; the unpatched service processes such requests without ownership validation, returning the token data or carrying out the regenerate or delete operation. Refer to the GitHub Security Advisory GHSA-p9x3-w98f-7j3q for additional technical details.
Detection Methods for CVE-2026-28361
Indicators of Compromise
- Unusual API requests to MCP token service endpoints from Creator accounts
- Multiple token read, regenerate, or delete operations targeting different user tokens from a single session
- Access logs showing token ID enumeration patterns
- User reports of unexpected MCP token changes or invalidated integrations
Detection Strategies
- Monitor API access logs for MCP token service endpoints and correlate token IDs with requesting user ownership
- Implement alerting for users performing token operations on IDs they do not own
- Review audit logs for bulk token operations or rapid sequential requests to token endpoints
- Configure rate limiting on token management endpoints to slow enumeration attempts
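The first two detection strategies above, correlating token operations with ownership and spotting enumeration bursts, as an added example that is not part of this advisory or of NocoDB: the log line format, field names and ownership export are constructed assumptions, so map them onto your own access logs and token table.

```typescript
// Added detection example (not NocoDB code): parse constructed access-log lines for MCP token
// operations, correlate each token id with its owner, and flag cross-user operations and bursts.
interface TokenEvent { ts: number; userId: string; op: string; tokenId: string; status: number }
interface Finding { userId: string; tokenId: string; reason: string }
// Constructed ownership map (token id -> owner), e.g. exported from the token table.
export const ownership: Record<string, string> = { "tok-alice": "alice", "tok-bob": "bob", "tok-carol": "carol" };

// Constructed log lines: "<epoch> user=<id> op=<read|regenerate|delete> token=<id> status=<code>"
export const sampleLog = [
  "1700000000 user=alice op=read token=tok-alice status=200",
  "1700000001 user=alice op=read token=tok-bob status=200",
  "1700000002 user=alice op=regenerate token=tok-carol status=200",
  "1700000003 user=bob op=read token=tok-bob status=200",
  "1700000004 user=bob op=read token=tok-alice status=404",
];
export function parseLine(line: string): TokenEvent | null {
  const m = /^(\d+) user=(\S+) op=(read|regenerate|delete) token=(\S+) status=(\d+)$/.exec(line);
  return m ? { ts: +m[1], userId: m[2], op: m[3], tokenId: m[4], status: +m[5] } : null;
}
// Flags (a) successful operations on a token the requester does not own (the CVE-2026-28361
// pattern) and (b) any user touching more than maxDistinct token ids within windowSec seconds.
export function analyze(lines: string[], owners: Record<string, string>, windowSec = 60, maxDistinct = 2): Finding[] {
  const events: TokenEvent[] = [];
  for (const l of lines) { const e = parseLine(l); if (e) events.push(e); }
  const findings: Finding[] = [];
  const perUser: Record<string, TokenEvent[]> = {};
  for (const e of events) {
    const owner = owners[e.tokenId];
    if (e.status < 400 && owner !== undefined && owner !== e.userId) {
      findings.push({ userId: e.userId, tokenId: e.tokenId, reason: e.op + " on token owned by " + owner });
    }
    (perUser[e.userId] = perUser[e.userId] || []).push(e);
  }
  for (const userId in perUser) {
    const evs = perUser[userId];
    for (let i = 0; i < evs.length; i++) {
      const seen: Record<string, true> = {};
      for (const x of evs) if (x.ts >= evs[i].ts && x.ts < evs[i].ts + windowSec) seen[x.tokenId] = true;
      const distinct = Object.keys(seen).length;
      if (distinct > maxDistinct) {
        findings.push({ userId, tokenId: "*", reason: distinct + " distinct token ids within " + windowSec + "s" });
        break;
      }
    }
  }
  return findings;
}
```

A 404 on a foreign token id (bob's last line) is what a patched instance returns and is not flagged, so the ownership rule only fires on operations the service actually performed.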
Monitoring Recommendations
- Enable comprehensive logging for all MCP token service operations including token ID and requesting user
- Implement real-time alerting for authorization anomalies in token management functions
- Periodically audit Creator-level user activity for unusual token access patterns
- Monitor for token regeneration spikes that could indicate exploitation attempts
How to Mitigate CVE-2026-28361
Immediate Actions Required
- Upgrade NocoDB to version 0.301.3 or later immediately
- Audit MCP token access logs to identify potential unauthorized access
- Regenerate all MCP tokens as a precautionary measure if exploitation is suspected
- Review Creator-level user access and remove unnecessary privileges
Patch Information
NocoDB has addressed this vulnerability in version 0.301.3. The patch adds proper token ownership validation to the MCP token service, ensuring that users can only access, regenerate, or delete tokens that belong to them. Organizations should upgrade to the patched version as soon as possible. The release details are available at the GitHub Release 0.301.3.
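The missing check described under Root Cause and the ownership validation the patch adds, shown side by side as an added example: this is illustrative TypeScript, not NocoDB's service code, and the token store, role names and function names are assumptions.

```typescript
// Added example (not NocoDB's code): the missing ownership check behind CVE-2026-28361
// and how a fixed handler closes it. Names and data are assumed for illustration.
interface McpToken { id: string; baseId: string; ownerUserId: string; secret: string }
interface Requester { userId: string; baseId: string; role: "creator" | "editor" | "viewer" }

// Constructed token store: two Creators in the same base, each owning one token.
const tokens: Record<string, McpToken> = {
  "tok-alice": { id: "tok-alice", baseId: "base-1", ownerUserId: "alice", secret: "s-a1" },
  "tok-bob":   { id: "tok-bob",   baseId: "base-1", ownerUserId: "bob",   secret: "s-b1" },
};

// Vulnerable pattern (CWE-639): the handler checks that the requester is a Creator in the
// token's base, but never compares the token's owner with the requester. Any Creator who
// knows a token id can therefore read, regenerate or delete it.
export function readTokenVulnerable(req: Requester, tokenId: string): McpToken | null {
  const tok = tokens[tokenId];
  if (!tok || tok.baseId !== req.baseId || req.role !== "creator") return null;
  return tok;
}

// Fixed pattern: resolve the token by (id, owner) together. "Not found" and "not owned"
// collapse into the same null result, so the endpoint does not confirm whether a token id exists.
function findOwnedToken(req: Requester, tokenId: string): McpToken | null {
  const tok = tokens[tokenId];
  if (!tok || tok.baseId !== req.baseId || req.role !== "creator") return null;
  if (tok.ownerUserId !== req.userId) return null; // the ownership check the service lacked
  return tok;
}

export function readTokenFixed(req: Requester, tokenId: string): McpToken | null {
  return findOwnedToken(req, tokenId);
}

// Mutating operations go through the same gate, so regenerate and delete are covered too.
export function regenerateTokenFixed(req: Requester, tokenId: string, newSecret: string): boolean {
  const tok = findOwnedToken(req, tokenId);
  if (!tok) return false;
  tok.secret = newSecret;
  return true;
}

export function deleteTokenFixed(req: Requester, tokenId: string): boolean {
  if (!findOwnedToken(req, tokenId)) return false;
  delete tokens[tokenId];
  return true;
}
```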
Workarounds
- Restrict Creator role assignments to only essential personnel until the patch is applied
- Implement network-level access controls to limit who can reach the NocoDB API
- Consider temporarily disabling MCP token functionality if not critical to operations
- Deploy a web application firewall (WAF) rule to monitor and restrict access to token management endpoints
# Configuration example - Restrict access to NocoDB API via nginx
# Add to the nginx configuration to limit MCP token endpoint access.
# This only narrows who can reach the endpoints and slows enumeration; it does not
# add the missing ownership check, so upgrading remains the actual fix.

# In the http {} context: define the shared-memory zone that limit_req below refers to
limit_req_zone $binary_remote_addr zone=token_limit:10m rate=10r/s;

# In the server {} context: adjust the path prefix to the token endpoints of your deployment
location /api/v1/mcp-tokens {
    # Allow only specific IP ranges
    allow 10.0.0.0/8;
    deny all;
    # Rate limiting
    limit_req zone=token_limit burst=5 nodelay;
    proxy_pass http://nocodb_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.