PT-2026-24108 · Budibase · Budibase
Rudrabrahmbhatt
Published: 2026-03-09 · Updated: 2026-03-09
CVE-2026-25737
CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Budibase versions 3.24.0 and earlier
Description
Budibase is a low-code platform used for creating internal tools, workflows, and admin panels. An arbitrary file upload issue exists because file extension restrictions are enforced only at the user interface level. This allows an attacker to bypass these restrictions and upload malicious files.
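The root cause above is a restriction that exists only in the UI, so the server must repeat the check on every upload request. The following is an added example, not Budibase's code or its actual fix: the function name `validateUploadName` and the extension allowlist are assumptions chosen for illustration.

```javascript
// Added example: hypothetical server-side filename check (not Budibase code).
// The allowlist is an assumption; in practice it should come from the same
// configuration the UI file picker uses, so the two cannot drift apart.
const ALLOWED_EXTENSIONS = new Set([".png", ".jpg", ".jpeg", ".pdf", ".csv"]);

function validateUploadName(rawName) {
  // The filename is attacker-controlled request data, never trusted UI state.
  if (typeof rawName !== "string" || rawName.length === 0 || rawName.length > 255) {
    return { ok: false, reason: "missing or oversized filename" };
  }
  // Control characters (including NUL) can truncate the name in downstream code.
  if (/[\x00-\x1f\x7f]/.test(rawName)) {
    return { ok: false, reason: "control character in filename" };
  }
  // Keep only the last path component; treat both separators as separators
  // regardless of the server OS.
  const base = rawName.split(/[\\/]/).pop();
  // Some filesystems drop trailing dots and spaces, which would change the
  // effective extension after this check has passed.
  if (base === "" || /[. ]$/.test(base)) {
    return { ok: false, reason: "empty name or trailing dot/space" };
  }
  // Only the final extension counts ("photo.png.html" is ".html"); a leading
  // dot alone (".png") is a hidden file with no extension.
  const dot = base.lastIndexOf(".");
  const ext = dot > 0 ? base.slice(dot).toLowerCase() : "";
  if (!ALLOWED_EXTENSIONS.has(ext)) {
    return { ok: false, reason: `extension "${ext}" not allowed` };
  }
  // Callers should store the file under a server-generated name plus `ext`,
  // not under the client-supplied name.
  return { ok: true, ext };
}

// Constructed sample inputs, as a request that skips the UI could send them.
for (const name of ["invoice.PDF", "photo.png.html", "notes.csv.", "a.svg"]) {
  console.log(name, JSON.stringify(validateUploadName(name)));
}
```

An extension check alone does not establish what the file contains; serving uploads with a fixed `Content-Type` and `Content-Disposition: attachment` limits what a mislabelled file can do in a browser.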
Recommendations
Versions prior to 3.24.0 should be updated.
Exploit
Fix
XSS
SSRF
Related Identifiers
Affected Products
Budibase