PT-2026-35071 · Budibase · Budibase

Ayushparkara · Published 2026-04-16 · Updated 2026-05-21 · CVE-2026-41428

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.35.4

Description: The authenticated middleware uses unanchored regular expressions to match public endpoint patterns against the ctx.request.url variable. Because ctx.request.url in Koa includes the query string, an attacker can bypass authentication and access protected endpoints by appending a public endpoint path as a query parameter. For example, using the endpoint '/api/global/users/search' with a query parameter like x=/api/system/status allows unauthorized access because the regular expression matches the query string portion of the URL.

Recommendations: Update to version 3.35.4.
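As an added illustration of the bug class described above (constructed for this page, not Budibase's own code), the following Koa-style check shows the unanchored match against the full URL beside the anchored, path-only form; the public endpoint list is hypothetical.

```javascript
// Constructed model of the pattern described in the advisory; not Budibase's code.
// For a request to "/api/global/users/search?x=/api/system/status" Koa exposes
//   ctx.request.url = "/api/global/users/search?x=/api/system/status"
//   ctx.path        = "/api/global/users/search"

// Hypothetical list of endpoints that are served without a session.
const PUBLIC_ENDPOINTS = ["/api/system/status", "/api/global/auth/.*"];

// Vulnerable form: unanchored patterns tested against the full URL, so a
// public path that appears inside the query string also matches.
const unanchored = PUBLIC_ENDPOINTS.map((p) => new RegExp(p));
function isPublicVulnerable(requestUrl) {
  return unanchored.some((re) => re.test(requestUrl));
}

// Hardened form: anchor each pattern to the whole string and test only the
// path component (ctx.path), never the query string.
const anchored = PUBLIC_ENDPOINTS.map((p) => new RegExp(`^${p}$`));
function isPublicFixed(requestPath) {
  return anchored.some((re) => re.test(requestPath));
}

// Split off the path the way Koa does, so this runs without a server.
function pathOf(requestUrl) {
  return new URL(requestUrl, "http://localhost").pathname;
}

// Report, for one request URL, whether each variant would skip authentication.
function authSkipped(requestUrl) {
  return {
    vulnerable: isPublicVulnerable(requestUrl),
    fixed: isPublicFixed(pathOf(requestUrl)),
  };
}

// Koa middleware built on the hardened check: anything not public needs a user.
function authenticated(ctx, next) {
  if (!isPublicFixed(ctx.path) && !ctx.user) {
    ctx.status = 401;
    ctx.body = { message: "Unauthorized" };
    return Promise.resolve();
  }
  return next();
}

// Example from the advisory: the query string carries a public path.
console.log(authSkipped("/api/global/users/search?x=/api/system/status"));
```

The object printed for the advisory's example has `vulnerable: true` and `fixed: false`: the unanchored full-URL match would skip authentication, while the anchored path-only match still requires it.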

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2026-41428
GHSA-8783-3WGF-JGGF

Affected Products

Budibase