Known Vulnerabilities for products from Budibase
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Budibase".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-54353 json | Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Bud... | Not Provided | 2026-06-26 | 2026-06-30 |
| CVE-2026-54352 json | Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/... | Not Provided | 2026-06-26 | 2026-06-30 |
| CVE-2026-54351 json | Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessibl... | Not Provided | 2026-06-26 | 2026-06-30 |
| CVE-2026-54350 json | Not Provided | 2026-06-26 | 2026-06-30 | |
| CVE-2026-50137 json | Not Provided | 2026-06-26 | 2026-06-29 | |
| CVE-2026-50136 json | Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint tha... | Not Provided | 2026-06-26 | 2026-06-30 |
| CVE-2026-50132 json | Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token/handoff` is a public end... | Not Provided | 2026-06-26 | 2026-06-30 |
| CVE-2026-48153 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-48152 json | Not Provided | 2026-05-27 | 2026-05-27 | |
| CVE-2026-48151 json | Not Provided | 2026-05-27 | 2026-05-28 | |
| CVE-2026-42239 json | Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session t... | Not Provided | 2026-05-07 | 2026-06-04 |
| CVE-2026-41428 json | Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressio... | Not Provided | 2026-04-24 | 2026-04-28 |
| CVE-2026-35218 json | Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity name... | Not Provided | 2026-04-03 | 2026-04-08 |
| CVE-2026-35216 json | Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Ex... | Not Provided | 2026-04-03 | 2026-04-08 |
| CVE-2026-35214 json | Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/uplo... | Not Provided | 2026-04-03 | 2026-04-08 |
| CVE-2026-31818 json | Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exi... | Not Provided | 2026-04-03 | 2026-04-08 |
| CVE-2026-25044 json | Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided comman... | Not Provided | 2026-04-03 | 2026-04-08 |
| CVE-2026-25043 json | Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s... | Not Provided | 2026-04-03 | 2026-04-21 |
| CVE-2023-29010 json | Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2... | 6.5 - MEDIUM | 2023-04-06 | 2023-04-14 |
| CVE-2022-3225 json | Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20. | 5.7 - MEDIUM | 2022-09-16 | 2023-08-02 |