CVE-2026-35214: Budibase Path Traversal Vulnerability (8.7)
Plattform
nodejs
Komponente
@budibase/server
Behoben in
3.33.4
CVE-2026-35214 is a high-severity Path Traversal vulnerability affecting @budibase/server. An attacker with Global Builder privileges can exploit the plugin file upload endpoint to delete arbitrary directories and write arbitrary files. This is achieved by crafting a multipart upload with a filename containing path traversal sequences. This vulnerability is fixed in version 3.33.4.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-35214?
CVE-2026-35214 is a Path Traversal vulnerability in @budibase/server that allows attackers to delete or write arbitrary files.
Am I affected by CVE-2026-35214?
You are affected if you are using a version of @budibase/server prior to 3.33.4. Version 3.33.4 and later contain the fix for this vulnerability.
How can I fix CVE-2026-35214?
To fix CVE-2026-35214, upgrade your @budibase/server installation to version 3.33.4 or later. This version contains the necessary patch.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten