CVE Catalog

CVE-2026-50136

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

Budibase prior to 3.39.3 exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials from a workspace datasource. The route is protected only by recaptcha middleware and does not require authentication, table permission, datasource permission, or builder access.

Risk Assessment

An attacker who knows a workspace ID and S3 datasource ID can generate a signed URL to upload files to a controlled S3 bucket, potentially leading to unauthorized data writes or information disclosure.

Recommendation

Immediately upgrade Budibase to version 3.39.3 or later, which contains the fix for this vulnerability.

Original NVD description (English source)

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presigned URLs using credentials stored in a workspace datasource. The route is protected only by the recaptcha middleware and does not require authentication, table permission, datasource permission, or builder access. A public caller who knows a workspace ID and S3 datasource ID can request a signed upload URL for attacker-controlled bucket and key values. This vulnerability is fixed in 3.39.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS