Tag
Budibase Stored XSS Vulnerability via Unrestricted File Upload (CVE-2026-46426)
2 rules 3 TTPsBudibase is vulnerable to persistent stored XSS (CVE-2026-46426) due to unrestricted file upload of active content by authenticated users, leading to potential session cookie theft and account takeover.
Budibase Builder-to-Admin Privilege Escalation via Unsecured onboardUsers Endpoint
2 rules 1 TTPA privilege escalation vulnerability exists in Budibase's `onboardUsers` endpoint (CVE-2026-45716) allowing a builder-level user to create global admin accounts by bypassing the intended invite flow when SMTP is not configured, due to insufficient authorization checks and direct user creation with attacker-controlled roles.
Budibase REST Datasource SSRF via HTTP Redirect Bypass (CVE-2026-45715)
2 rules 1 TTP 3 IOCsBudibase is vulnerable to server-side request forgery (SSRF) via HTTP redirects in the REST datasource integration, allowing authenticated Builders to bypass IP blacklists and access internal services.
Budibase REST Connector SSRF via Empty Blacklist
2 rules 7 TTPsA critical Server-Side Request Forgery (SSRF) vulnerability in Budibase's REST datasource connector allows attackers with Builder privileges to exfiltrate sensitive data from internal network services due to a missing default IP blacklist.
Budibase Command Injection Vulnerability in Bash Automation Step
2 rules 1 TTPA command injection vulnerability exists in Budibase's bash automation step due to insufficient sanitization, allowing attackers with automation modification access to inject arbitrary shell commands, leading to remote code execution.
Budibase Unauthenticated Remote Code Execution via Webhook
2 rules 1 TTP 1 CVEBudibase versions before 3.33.4 are susceptible to unauthenticated remote code execution, where a threat actor can trigger a Bash step within an automation via the public webhook endpoint, leading to code execution as root within the container.
Budibase Stored Cross-Site Scripting Vulnerability (CVE-2026-35218)
2 rules 1 TTP 1 CVEA stored cross-site scripting (XSS) vulnerability in Budibase versions prior to 3.32.5 allows authenticated users with Builder access to inject malicious HTML payloads into entity names, leading to potential session cookie theft and account takeover when other Builder users open the Command Palette.
Budibase Path Traversal Vulnerability in Plugin Upload
2 rules 1 TTP 1 CVEA path traversal vulnerability exists in Budibase versions prior to 3.33.4, allowing attackers with Global Builder privileges to delete arbitrary directories and write arbitrary files via crafted plugin uploads.