CVE-2026-25041

High CVSS: 8.6

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other connection parameters are directly interpolated into a shell command. This affects packages/server/src/integrations/postgres.ts.

Vendor

Budibase

Product

Budibase

CWE

CWE-78

Yayın Tarihi

2026-03-09 20:16:07

Güncelleme

2026-03-13 19:23:55

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Budibase HIGH Budibase 2026

Referanslar

https://github.com/Budibase/budibase/blob/f34d545602a7c94427bae63312a5ee9bf2aa6c85/packages/server/src/integrations/postgres.ts#L529-L531 https://github.com/Budibase/budibase/commit/9fdbff32fb9e69650ba899a799e13f80d9b09e93 https://github.com/Budibase/budibase/security/advisories/GHSA-726g-59wr-cj4c

Benzer Kayıtlar

High

CVE-2026-33226

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and pr…

Critical

CVE-2026-31816

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Bud…

Critical

CVE-2026-30240

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path…

High

CVE-2026-25045

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of…

High

CVE-2026-25737

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbi…

Critical

CVE-2026-27702

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an un…