CVE-2026-52887 | NocoBase up to 2.0.60 Notification /api/myInAppChannels Sequelize.literal latestMsgReceiveTimestamp sql injection

SecurityVulns

A vulnerability, which was classified as critical, was found in NocoBase up to 2.0.60. Affected by this issue is the function Sequelize.literal of the file /api/myInAppChannels of the component Notification. Executing a manipulation of the argument latestMsgReceiveTimestamp can lead to sql injection.

This vulnerability is tracked as CVE-2026-52887. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More