wid-sec-w-2026-0651 · Published 2026-03-09 · View on BSI CERT-Bund ↗

Budibase: Multiple Vulnerabilities

CVSS 9.6 CRITICAL

Risk Summary

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these restrictions and upload malicious files.

CVEs (5)

CVE-2026-25041 CVE-2026-25045 CVE-2026-25737 CVE-2026-30240 CVE-2026-31816

Affected Vendors

Open Source

Affected Products (2)

Open Source · Budibase <3.32.4

Open Source · Budibase 3.32.4

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more