Known Vulnerabilities for Budibase by Budibase
Listed below are 10 of the newest known vulnerabilities associated with "Budibase" by "Budibase".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-54353 json | Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Bud... | Not Provided | 2026-06-26 | 2026-06-29 |
| CVE-2026-54352 json | Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/... | Not Provided | 2026-06-26 | 2026-06-27 |
| CVE-2026-54351 json | Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessibl... | Not Provided | 2026-06-26 | 2026-06-29 |
| CVE-2026-54350 json | Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app rea... | Not Provided | 2026-06-26 | 2026-06-30 |
| CVE-2026-50137 json | Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or can enumerate a workspace i... | Not Provided | 2026-06-26 | 2026-06-29 |
| CVE-2026-50136 json | Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint tha... | Not Provided | 2026-06-26 | 2026-06-27 |
| CVE-2026-50132 json | Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public end... | Not Provided | 2026-06-26 | 2026-06-29 |
| CVE-2026-48153 json | Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplie... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-48152 json | Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generi... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-48151 json | Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under build... | Not Provided | 2026-05-27 | 2026-05-28 |