CVE-2026-35216 in Budibaseinfo

Zusammenfassung (Englisch)

Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the exploit. The process executes as root inside the container. This issue has been patched in version 3.33.4.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Zuständig

GitHub_M

Reservieren

01.04.2026

Veröffentlichung

03.04.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
355174Budibase Public Webhook erweiterte Rechte78Nicht definiertOffizieller FixCVE-2026-35216

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Might our Artificial Intelligence support you?

Check our Alexa App!