PT-2026-30171 · Budibase · Budibase

Omkarparth · Published 2026-04-03 · Updated 2026-04-10 · CVE-2026-25044

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Budibase versions prior to 3.33.4

Description

Budibase, an open-source low-code platform, prior to version 3.33.4, allows arbitrary command execution through the bash automation step. This occurs because user-provided commands are executed using execSync without sufficient sanitization or validation. User input is processed via processStringSync, which enables template interpolation, potentially leading to the execution of unintended commands.

Recommendations

Update Budibase to version 3.33.4 or later.
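
The pattern named in the description, as an added illustration that is not Budibase source code: a template renderer (the hypothetical render below stands in for processStringSync) feeds execSync, shown next to a variant that passes each binding through an environment variable instead. The function names, the BIND_ prefix and the sample value are constructed for this example, and a POSIX /bin/sh is assumed.

```javascript
// Added illustration; not Budibase source code. Assumes a POSIX /bin/sh.
const cp = typeof require === "function"
  ? require("node:child_process")
  : process.getBuiltinModule("node:child_process");

const BINDING = /\{\{\s*(\w+)\s*\}\}/g;

// Hypothetical stand-in for a Handlebars-style renderer such as processStringSync:
// replaces {{ key }} with the raw context value.
function render(template, context) {
  return template.replace(BINDING, (_, key) => String(context[key] ?? ""));
}

// Pattern from the description: the rendered string is handed to execSync,
// so shell metacharacters inside a binding value become part of the program.
function runInterpolated(template, context) {
  return cp.execSync(render(template, context), { encoding: "utf8" }).trim();
}

// Hardened variant: the command text never contains binding values. Each
// {{ key }} is rewritten to "$BIND_key" and the value travels in the child's
// environment, where the shell expands it as one word of data.
// Assumes bindings appear outside quotes in the template.
function runWithEnv(template, context) {
  const env = { PATH: process.env.PATH };
  const command = template.replace(BINDING, (_, key) => {
    env[`BIND_${key}`] = String(context[key] ?? "");
    return `"$BIND_${key}"`;
  });
  return cp.execFileSync("/bin/sh", ["-c", command], { env, encoding: "utf8" }).trim();
}

// Constructed sample: a binding value carrying a command separator.
const SAMPLE_TEMPLATE = "echo hello {{ name }}";
const SAMPLE_CONTEXT = { name: "world; echo INJECTED" };

function demo() {
  return {
    interpolated: runInterpolated(SAMPLE_TEMPLATE, SAMPLE_CONTEXT),
    viaEnv: runWithEnv(SAMPLE_TEMPLATE, SAMPLE_CONTEXT),
  };
}

console.log(demo());
```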

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-25044
GHSA-GJW9-34GF-RP6M

Affected Products

Budibase