Budibase Vulnerability Allows Bypass and Information Disclosure
Summary
CERT-Bund has issued a security advisory (WID-SEC-2026-0776) regarding a vulnerability in Budibase, an open-source low-code platform. The vulnerability allows remote, authenticated attackers to bypass security mechanisms and disclose information. Affected versions include Budibase <=3.30.6.
What changed
CERT-Bund has released security advisory WID-SEC-2026-0776 detailing a high-severity vulnerability (CVSS Base Score 8.7) in the Budibase open-source low-code platform. Versions up to and including 3.30.6 are affected. The vulnerability allows a remote, authenticated attacker to bypass security controls and potentially disclose sensitive information.
Organizations running Budibase 3.30.6 or earlier should immediately update to a patched version or implement available mitigations. Failure to address this vulnerability could lead to unauthorized information disclosure and compromise of internal applications built on the platform. While no specific compliance deadline is mentioned, prompt action is recommended to prevent exploitation.
What to do next
- Update Budibase to a version later than 3.30.6
- Implement available mitigations if immediate update is not possible
Source document (simplified)
[WID-SEC-2026-0776] Budibase: Vulnerability allows bypass and disclosure of information
- CVSS Base Score: 8.7 (high)
- CVSS Temporal Score: 7.8 (high)
- Remote attack: yes
- Date: 17.03.2026
- Last updated: 18.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- Other
- UNIX
Product description
Budibase is an open-source low-code platform for building internal applications, such as admin panels.
Products
17.03.2026
- Open Source Budibase <=3.30.6
Attack
A remote, authenticated attacker can exploit a vulnerability in Budibase to bypass security mechanisms and thereby disclose information.