PT-2026-6298 · Bambu+1 · Bambu Lab 3D Printers+1

Speenah · Published 2026-02-02 · Updated 2026-02-06

CVE-2026-25505

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bambuddy versions prior to 0.1.7

Description

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Versions before 0.1.7 include a hardcoded secret key used for signing JSON Web Tokens (JWTs). Multiple API routes do not enforce authentication checks. This allows potential bypass of security controls and trivial token forgery, granting full system access.

Recommendations

Update Bambuddy to version 0.1.7.

Exploit

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-25505
GHSA-GC24-PX2R-5QMF

Affected Products

Bambu Lab 3D Printers
Bambuddy