CVE-2026-35216: Budibase RCE via Public Webhook (CVSS 9)
Platform: nodejs
Component: @budibase/server
Fixed in: 3.33.4
CVE-2026-35216 is a critical Remote Code Execution (RCE) vulnerability affecting @budibase/server. An unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the server by triggering an automation with a Bash step via the public webhook endpoint. This vulnerability affects versions prior to 3.33.4 and is fixed in version 3.33.4.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-35216?
CVE-2026-35216 is a Remote Code Execution (RCE) vulnerability in @budibase/server that allows unauthenticated attackers to execute arbitrary code.
Am I affected by CVE-2026-35216?
You are affected if you are using a version of @budibase/server prior to 3.33.4. Version 3.33.4 and later contain the fix for this vulnerability.
How can I fix CVE-2026-35216?
To fix CVE-2026-35216, upgrade your @budibase/server installation to version 3.33.4 or later. This version contains the necessary patch.
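The two conditions described above (a version below 3.33.4, and an automation with a Bash step reachable through a webhook trigger) can be checked together. The following is an added example, not code from Budibase or from this advisory. The automation document shape and the step identifiers `WEBHOOK` and `EXECUTE_BASH` are assumptions about how automations are stored, and the sample data is constructed.

```javascript
// Added example: triage a Budibase install against CVE-2026-35216.
// ASSUMPTION: automation documents have the shape
//   { name, definition: { trigger: { stepId }, steps: [{ stepId }] } }
// and use "WEBHOOK" / "EXECUTE_BASH" as step identifiers.
const FIXED = "3.33.4"; // fixed version stated in the advisory

// Parse "3.33.4", "v3.33.4" or "3.33.4-rc.1+build" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when `installed` sorts below the fixed release.
function isAffected(installed, fixed = FIXED) {
  const a = parseVersion(installed), b = parseVersion(fixed);
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  // Same x.y.z: a pre-release of the fixed version sorts before it (treated as affected).
  return a.pre !== null && b.pre === null;
}

// Automations that a webhook can trigger and that contain a Bash step.
function findWebhookBashAutomations(automations) {
  return automations.filter((a) => {
    const def = (a && a.definition) || {};
    const trigger = def.trigger && def.trigger.stepId;
    const steps = Array.isArray(def.steps) ? def.steps : [];
    return trigger === "WEBHOOK" && steps.some((s) => s && s.stepId === "EXECUTE_BASH");
  });
}

// Combine both checks; `urgent` is for prioritisation, not a substitute for upgrading.
function audit(installedVersion, automations) {
  const affected = isAffected(installedVersion);
  const risky = findWebhookBashAutomations(automations).map((a) => a.name);
  return { affected, risky, urgent: affected && risky.length > 0 };
}

// Constructed sample data, not taken from a real deployment.
const sample = [
  { name: "nightly-report", definition: { trigger: { stepId: "CRON" }, steps: [{ stepId: "EXECUTE_BASH" }] } },
  { name: "inbound-hook", definition: { trigger: { stepId: "WEBHOOK" }, steps: [{ stepId: "SEND_EMAIL_SMTP" }, { stepId: "EXECUTE_BASH" }] } },
  { name: "hook-to-row", definition: { trigger: { stepId: "WEBHOOK" }, steps: [{ stepId: "CREATE_ROW" }] } },
];
console.log(audit("3.33.3", sample));
```

An empty `risky` list on an affected version does not make the install safe; it only indicates that no matching automation was found in the documents supplied.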