CVE-2026-41641 Overview
CVE-2026-41641 is a SQL injection vulnerability in NocoBase, an AI-powered no-code/low-code platform for building business applications. The flaw exists in versions prior to 2.0.39, where the checkSQL() validation function is missing on the sqlCollection:update endpoint. The validation correctly blocks dangerous SQL keywords such as pg_read_file, LOAD_FILE, and dblink on the collections:create and sqlCollection:execute endpoints, but the update path was overlooked. An attacker with collection management permissions can bypass all SQL keyword filtering and execute arbitrary queries. The issue is tracked under CWE-89 and patched in version 2.0.39.
Critical Impact
Authenticated attackers with collection management rights can execute arbitrary SQL, read sensitive files, and exfiltrate database contents from NocoBase deployments.
Affected Products
- NocoBase versions prior to 2.0.39
- NocoBase @nocobase/plugin-collection-sql plugin
- Self-hosted and managed NocoBase business application deployments
Discovery Timeline
- 2026-05-07 - CVE-2026-41641 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-41641
Vulnerability Analysis
NocoBase exposes resource endpoints for managing SQL-backed collections. The checkSQL() function inspects user-supplied SQL strings and rejects dangerous keywords that enable file system reads, cross-database links, or other privileged operations. This filter is consistently applied on collections:create and sqlCollection:execute actions.
The sqlCollection:update action handler did not invoke checkSQL() before persisting changes. An attacker can create a SQL collection with benign content, pass the initial validation, then update the collection with SQL that contains forbidden keywords. When the collection is next queried, the stored SQL is sent to the database over the application's own connection, so it runs with whatever privileges the NocoBase database account holds, not those of the requesting user.
Root Cause
The root cause is inconsistent input validation across CRUD handlers in packages/plugins/@nocobase/plugin-collection-sql/src/server/resources/sql.ts. The update resolver accepted the sql parameter from ctx.action.params.values and forwarded it to the persistence layer without invoking the centralized validator.
Attack Vector
Exploitation requires authenticated access with collection management permissions. The attacker first issues a POST to collections:create with safe SQL to establish a SQL collection. The attacker then issues a PUT to sqlCollection:update containing SQL with previously blocked keywords such as pg_read_file('/etc/passwd') or LOAD_FILE(). A subsequent read against the collection triggers execution of the injected SQL, returning arbitrary query results to the attacker.
await next();
},
update: async (ctx: Context, next: Next) => {
+ const { sql } = ctx.action.params.values || {};
+ if (sql) {
+ try {
+ checkSQL(sql);
+ } catch (e) {
+ ctx.throw(400, ctx.t(e.message));
+ }
+ }
const transaction = await ctx.app.db.sequelize.transaction();
try {
const { upRes } = await updateCollection(ctx, transaction);
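Review bot: the added validation is a second inline copy of the validate-and-throw block that the advisory text says already exists on the create and execute handlers, and this CVE exists precisely because one handler omitted that copy. Suggest hoisting `checkSQL(sql)` together with the `ctx.throw(400, ctx.t(e.message))` handling into a shared helper or a resource-level middleware applied to every action that accepts a `sql` value, so the next handler cannot skip it. Two smaller points: `if (sql)` skips validation when `sql` is falsy, which is acceptable since nothing new is persisted, but unless checkSQL() already rejects non-string input, guard with `typeof sql !== 'string'` first, because `ctx.action.params.values.sql` is request-controlled JSON and may arrive as an array or object; and the check does run before `ctx.app.db.sequelize.transaction()` is opened, so a rejected request leaves no transaction to roll back, which is the right ordering.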
Source: GitHub commit 851aee5 — the patch adds the missing checkSQL() call to the update handler so that SQL passed during collection updates is subject to the same keyword denylist as create and execute paths.
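The following is an added example, not NocoBase's code and not the patch above. It models the create-then-update sequence from the Attack Vector section against two versions of the update handler: one that persists the sql value unvalidated (the pre-2.0.39 behaviour) and one that runs the validator first. The denylist is an assumed approximation of NocoBase's checkSQL(); the store class, the context shape and the method names are illustrative only. The malicious payload uses mixed case and a space before the parenthesis to show why the denylist must not be a plain substring match.

```typescript
// Added example, not NocoBase's code: a minimal model of the sqlCollection
// resource with the pre-2.0.39 update handler beside a handler that applies
// the validator. The denylist is an assumed approximation of checkSQL(); the
// store, context shape and method names are illustrative only.

type Values = { name?: string; sql?: string };
interface ActionContext { params: { filterByTk?: string; values?: Values } }

// Assumed denylist: file reads and directory listings, cross-database links,
// shell-out. Case-insensitive and tolerant of whitespace before "(".
const FORBIDDEN_FN = /\b(pg_read_file|pg_read_binary_file|pg_ls_dir|load_file|dblink(?:_connect)?|xp_cmdshell)\s*\(/i;
const FORBIDDEN_COPY = /\bcopy\b[\s\S]*?\bfrom\s+program\b/i;

// Throws an Error whose message starts with "checkSQL:" when the statement is rejected.
function checkSQL(sql: unknown): void {
  // Reject non-strings up front: a denylist regex cannot inspect arrays or objects.
  if (typeof sql !== 'string') throw new Error('checkSQL: sql must be a string');
  const fn = sql.match(FORBIDDEN_FN);
  if (fn) throw new Error('checkSQL: forbidden function ' + fn[1]);
  if (FORBIDDEN_COPY.test(sql)) throw new Error('checkSQL: forbidden statement COPY ... FROM PROGRAM');
}

function isValidationError(e: unknown): boolean {
  return e instanceof Error && e.message.indexOf('checkSQL:') === 0;
}

class SqlCollectionStore {
  private sqlByName: { [name: string]: string } = {};

  // collections:create: validated both before and after the fix.
  create(ctx: ActionContext): void {
    const values: Values = ctx.params.values || {};
    if (!values.name || values.sql === undefined) throw new Error('name and sql are required');
    checkSQL(values.sql);
    this.sqlByName[values.name] = values.sql;
  }

  // Pre-2.0.39 sqlCollection:update: sql from values is persisted unvalidated.
  updateUnchecked(ctx: ActionContext): void {
    const name = ctx.params.filterByTk;
    const values: Values = ctx.params.values || {};
    if (!name || values.sql === undefined) return;
    this.sqlByName[name] = values.sql;
  }

  // Patched sqlCollection:update: the validator runs before anything is persisted.
  updateChecked(ctx: ActionContext): void {
    const name = ctx.params.filterByTk;
    const values: Values = ctx.params.values || {};
    if (!name || values.sql === undefined) return;
    checkSQL(values.sql);
    this.sqlByName[name] = values.sql;
  }

  // The statement a later read of the collection would hand to the database.
  storedSql(name: string): string | undefined {
    return this.sqlByName[name];
  }
}

const BENIGN_SQL = 'SELECT id, title FROM posts';
// Mixed case and a space before "(" to show the denylist must not be a plain substring match.
const MALICIOUS_SQL = "SELECT PG_READ_FILE ('/etc/passwd') AS leak";

// Replays the advisory's sequence (create benign, then update with forbidden SQL)
// against one of the two update handlers and reports what ended up stored.
function replayAttack(patched: boolean): { stored: string | undefined; rejected: boolean } {
  const store = new SqlCollectionStore();
  store.create({ params: { values: { name: 'reports', sql: BENIGN_SQL } } });
  const ctx: ActionContext = { params: { filterByTk: 'reports', values: { sql: MALICIOUS_SQL } } };
  let rejected = false;
  try {
    if (patched) store.updateChecked(ctx); else store.updateUnchecked(ctx);
  } catch (e) {
    rejected = isValidationError(e);
  }
  return { stored: store.storedSql('reports'), rejected };
}
```

replayAttack(false) leaves the pg_read_file statement stored under the benignly created collection, which is exactly the state a later read would execute; replayAttack(true) rejects the update and the stored SQL stays as created. The typeof guard is an addition the example makes on its own initiative: the patch shown above calls checkSQL() on whatever arrives in values.sql.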
Detection Methods for CVE-2026-41641
Indicators of Compromise
- HTTP PUT or POST requests to sqlCollection:update containing keywords like pg_read_file, LOAD_FILE, dblink, COPY, or xp_cmdshell in the sql field
- Database query logs showing SELECT statements that read filesystem paths or initiate outbound connections
- Sudden modifications to existing SQL collections shortly after their creation by the same user account
Detection Strategies
- Inspect NocoBase application logs for repeated sqlCollection:update calls from a single principal followed by sqlCollection:list or read actions on the same collection
- Compare the SQL stored in collection definitions against the checkSQL() denylist; flag any persisted SQL containing prohibited functions
- Correlate authenticated user sessions with database-side audit logs to identify queries running under the application service account that touch system tables or files
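The two log-based strategies above (a denylisted keyword reaching sqlCollection:update, and a create, update, read sequence by one principal on one collection) are worked through below as an added example. This is not NocoBase code and NocoBase does not ship this detector; the JSON line format, its field names (time, userId, action, collection, values.sql) and the sample log lines are constructed assumptions, so parseLine() must be adapted to the real request-log schema before use.

```typescript
// Added example, not NocoBase's code: detection logic for the two signals the
// advisory describes, run over constructed API log lines. The JSON line format,
// its field names (time, userId, action, collection, values.sql) and the sample
// timestamps are assumptions; adapt parseLine() to the real log schema.

interface ApiEvent { ts: number; user: string; action: string; collection?: string; sql?: string }

interface Alert {
  rule: 'denylisted-sql-in-update' | 'create-update-read-sequence';
  user: string;
  collection?: string;
  detail: string;
}

// Keywords the advisory lists as blocked by checkSQL(), plus COPY ... FROM PROGRAM.
const DENYLIST = /\b(?:pg_read_file|pg_read_binary_file|pg_ls_dir|load_file|dblink(?:_connect)?|xp_cmdshell)\s*\(|\bcopy\b[\s\S]*?\bfrom\s+program\b/i;

function parseLine(line: string): ApiEvent | null {
  try {
    const j = JSON.parse(line);
    const ts = Date.parse(j.time);
    if (isNaN(ts) || typeof j.userId !== 'string' || typeof j.action !== 'string') return null;
    return { ts: ts, user: j.userId, action: j.action, collection: j.collection, sql: j.values ? j.values.sql : undefined };
  } catch (e) {
    return null; // malformed line: skip it rather than abort the scan
  }
}

function first<T>(items: T[], pred: (item: T) => boolean): T | undefined {
  for (let i = 0; i < items.length; i++) if (pred(items[i])) return items[i];
  return undefined;
}

function detect(lines: string[], windowMs: number = 15 * 60 * 1000): Alert[] {
  const events = lines
    .map(parseLine)
    .filter((e): e is ApiEvent => e !== null)
    .sort((a, b) => a.ts - b.ts);
  const alerts: Alert[] = [];

  // Rule 1, payload: an update carrying a denylisted keyword. A patched release
  // answers these with HTTP 400; an unpatched one persists them.
  for (const e of events) {
    if (e.action === 'sqlCollection:update' && e.sql !== undefined && DENYLIST.test(e.sql)) {
      alerts.push({ rule: 'denylisted-sql-in-update', user: e.user, collection: e.collection, detail: e.sql });
    }
  }

  // Rule 2, sequence: create, then update, then read of the same collection by the
  // same principal within the window. Payload-agnostic, so it still fires when the
  // SQL is obfuscated in a way the regex does not catch.
  const groups: { [key: string]: ApiEvent[] } = {};
  for (const e of events) {
    if (!e.collection) continue;
    const key = e.user + '|' + e.collection;
    (groups[key] || (groups[key] = [])).push(e);
  }
  Object.keys(groups).forEach((key) => {
    const evs = groups[key];
    const created = first(evs, (e) => e.action === 'collections:create');
    if (!created) return;
    const updated = first(evs, (e) => e.action === 'sqlCollection:update' && e.ts > created.ts && e.ts - created.ts <= windowMs);
    if (!updated) return;
    const read = first(evs, (e) => e.ts > updated.ts && /:(list|get)$/.test(e.action));
    if (!read) return;
    alerts.push({
      rule: 'create-update-read-sequence',
      user: updated.user,
      collection: updated.collection,
      detail: 'created ' + new Date(created.ts).toISOString() + ', updated ' + new Date(updated.ts).toISOString() + ', read ' + new Date(read.ts).toISOString(),
    });
  });
  return alerts;
}

// Constructed sample: one attack sequence by u42, one benign update by u7, one malformed line.
const SAMPLE_LOG: string[] = [
  '{"time":"2026-05-08T10:00:00Z","userId":"u42","action":"collections:create","collection":"reports","values":{"sql":"SELECT id, title FROM posts"}}',
  '{"time":"2026-05-08T10:02:00Z","userId":"u42","action":"sqlCollection:update","collection":"reports","values":{"sql":"SELECT pg_read_file(\'/etc/passwd\') AS leak"}}',
  '{"time":"2026-05-08T10:03:00Z","userId":"u42","action":"reports:list","collection":"reports"}',
  '{"time":"2026-05-08T11:00:00Z","userId":"u7","action":"sqlCollection:update","collection":"sales","values":{"sql":"SELECT id, total FROM orders"}}',
  'not json at all',
];
```

Run detect(SAMPLE_LOG) and the constructed log yields two alerts for u42 on reports (one per rule) and none for u7. The sequence rule is deliberately independent of the payload: an attacker who evades the keyword regex still has to create, modify and then read the collection, and that shape is what the rule keys on. Tune windowMs to how quickly collections are legitimately edited after creation in your deployment.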
Monitoring Recommendations
- Enable database-level auditing for functions such as pg_read_file, pg_ls_dir, COPY ... FROM PROGRAM, and LOAD_FILE
- Alert on any NocoBase API access from accounts that newly acquire collection management roles
- Monitor egress traffic from the database host for unexpected outbound connections that may indicate dblink-style exfiltration
How to Mitigate CVE-2026-41641
Immediate Actions Required
- Upgrade NocoBase to version 2.0.39 or later, which adds checkSQL() validation on the update endpoint
- Audit all existing SQL collections for stored SQL containing denylisted keywords and remove or rewrite them
- Review the membership of roles granting collection management permissions and revoke unnecessary access
Patch Information
The fix is delivered in NocoBase v2.0.39 via pull request #9134 and commit 851aee5. Full details are documented in GHSA-wrwh-c28m-9jjh.
Workarounds
- Restrict collection management permissions to a minimal set of trusted administrators until patching completes
- Run the database service account with least privilege: do not connect NocoBase as a PostgreSQL superuser (pg_read_file and pg_ls_dir are superuser-only unless EXECUTE has been explicitly granted, and dblink must be installed and granted to be reachable), and on MySQL do not grant the FILE privilege that LOAD_FILE() requires
- As a stopgap only, add a reverse proxy or web application firewall rule that inspects sqlCollection:update payloads for the forbidden SQL keywords; a keyword match at the proxy is easy to evade (case changes, comments, string concatenation), so treat it as an extra detection signal rather than a substitute for the patch
# Upgrade NocoBase to the patched release
npm install @nocobase/app@2.0.39
yarn nocobase upgrade
yarn nocobase restart
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.