NocoDB ≤ 0.301.2 User Enumeration via Password Reset Endpoint (CVE-2026-28358)
A user enumeration vulnerability in NocoDB versions up to 0.301.2 allows attackers to determine whether an email address is registered by analyzing responses from the password reset endpoint. This issue may allow attackers to collect valid user accounts for further attacks.