CVE-2026-46550 | NocoDB up to 2026.04.0 token-refresh Endpoint sameSite missing secure attribute (GHSA-f74w-272x-mqcv / EUVD-2026-38585)
A vulnerability was found in NocoDB up to 2026.04.0. It has been rated as problematic. This affects an unknown function of the component token-refresh Endpoint. This manipulation of the argument sameSite causes sensitive cookie without secure attribute.
This vulnerability is handled as CVE-2026-46550. The attack can be initiated remotely. There is not any exploit available.
Upgrading the affected component is advised.