PT-2026-6298 · Bambu+1 · Bambu Lab 3D Printers+1
Speenah · Published 2026-02-02 · Updated 2026-02-06 · CVE-2026-25505
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bambuddy versions prior to 0.1.7
Description
Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Versions before 0.1.7 include a hardcoded secret key used for signing JSON Web Tokens (JWTs). Multiple API routes do not enforce authentication checks. This allows potential bypass of security controls and trivial token forgery, granting full system access.
Recommendations
Update Bambuddy to version 0.1.7.
Exploit
Fix
Missing Authentication
Related Identifiers
Affected Products
Bambu Lab 3D Printers
Bambuddy