CVE-2026-25737

High CVSS: 8.9

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these restrictions and upload malicious files.

Vendor

Budibase

Product

Budibase

CWE

CWE-602

Yayın Tarihi

2026-03-09 21:16:15

Güncelleme

2026-03-13 19:16:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-602 Budibase HIGH Budibase 2026

Referanslar

https://github.com/Budibase/budibase/security/advisories/GHSA-2hfr-343j-863r

Benzer Kayıtlar

High

CVE-2026-33226

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and pr…

Critical

CVE-2026-31816

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Bud…

Critical

CVE-2026-30240

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path…

High

CVE-2026-25045

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of…

High

CVE-2026-25041

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the Po…

Critical

CVE-2026-27702

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an un…