CyberRota
← Ana sayfaya dön

CVE-2026-55410

MEDIUM · CVSS 6.7 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-15T21:16:55.183 · Çekilme zamanı: 2026-07-16T06:08:39.422988+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-55410
Severity
MEDIUM
CVSS
6.7
EPSS
Yok

Orijinal NVD Açıklaması

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from _metadata.json into shell command strings executed with Node.js child_process.exec(), allowing a backup-management user restoring a crafted backup to execute commands as the NocoBase server process. This vulnerability is fixed in 2.1.19.