Skip to main content

Budibase EUVD-2026-25618

| CVE-2026-41428 CRITICAL
Improper Authentication (CWE-287)
2026-04-24 GitHub_M GHSA-8783-3wgf-jggf
Authentication Bypass Budibase
9.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

7
Patch released
Apr 28, 2026 - 15:39 nvd
Patch available
Patch available
Apr 24, 2026 - 21:02 EUVD
Re-analysis Queued
Apr 24, 2026 - 20:22 vuln.today
cvss_changed
Analysis Generated
Apr 24, 2026 - 20:15 vuln.today
EUVD ID Assigned
Apr 24, 2026 - 19:45 euvd
EUVD-2026-25618
Analysis Generated
Apr 24, 2026 - 19:45 vuln.today
CVE Published
Apr 24, 2026 - 19:17 nvd
CRITICAL 9.1

DescriptionGitHub Advisory

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query parameter. For example, POST /api/global/users/search?x=/api/system/status bypasses all authentication because the regex /api/system/status/ matches in the query string portion of the URL. This vulnerability is fixed in 3.35.4.

AnalysisAI

Authentication bypass in Budibase low-code platform (versions prior to 3.35.4) allows remote unauthenticated attackers to access any protected API endpoint by appending a public endpoint path as a query parameter. The vulnerability stems from unanchored regular expressions in authentication middleware that match against the full request URL including query strings, enabling attackers to craft requests like 'POST /api/global/users/search?x=/api/system/status' to bypass all authentication checks. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Budibase instance
Delivery
Enumerate protected API endpoints
Exploit
Craft request with public path in query string
Execution
Bypass authentication middleware
Persist
Access privileged API functions
Impact
Exfiltrate data or modify configurations
Sign in to reveal

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against default configurations of Budibase. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This vulnerability represents a critical real-world risk requiring immediate remediation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An external attacker identifies a Budibase instance exposed on the internet and targets a privileged API endpoint such as POST /api/global/users/search (requires authentication). The attacker crafts a malicious request appending a known public endpoint path as a query parameter: 'POST /api/global/users/search?x=/api/system/status'. …
Remediation Immediately upgrade to Budibase version 3.35.4 or later, which fixes the authentication bypass by implementing properly anchored regular expressions in the authentication middleware. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all Budibase instances in your environment and document their current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-25618 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy