Platform
nodejs
Component
budibase
Fixed in
3.30.5
3.30.4
CVE-2026-27702 represents a critical Remote Code Execution (RCE) vulnerability discovered in Budibase Cloud. This flaw allows authenticated users, including those on free tier accounts, to execute arbitrary JavaScript code on the server, potentially leading to complete system compromise. The vulnerability specifically impacts Budibase Cloud (SaaS) deployments; self-hosted instances are not affected. A fix is available in version 3.30.4.
The impact of this vulnerability is severe. An attacker can leverage it to execute arbitrary code within the Budibase Cloud environment, potentially gaining full control of the affected application and its underlying infrastructure. This could lead to data breaches, unauthorized modifications to the application, and even complete system compromise. The attacker's ability to execute code within the app-service pod grants them access to resources and data within that container, significantly expanding the potential blast radius. The ease of exploitation, requiring only authentication, makes this a high-priority risk.
CVE-2026-27702 was publicly disclosed on 2026-02-25. The likelihood of exploitation is considered high because of the ease of exploitation and the critical nature of RCE. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's simplicity suggests that PoCs are likely to emerge. It is not currently listed in the CISA KEV catalog.
Budibase Cloud users, particularly those on free tier accounts, are at immediate risk. Organizations relying on Budibase Cloud for critical applications or storing sensitive data are especially vulnerable. Shared hosting environments utilizing Budibase Cloud may also be at increased risk due to potential cross-tenant exploitation.
• nodejs / server: Monitor Budibase Cloud logs for unusual JavaScript execution patterns or errors related to view filtering. Use journalctl to filter for errors containing 'eval' or 'inMemoryView.ts'.
• generic web: Inspect Budibase Cloud application logs for suspicious requests targeting view endpoints. Use curl to test view endpoints with potentially malicious map functions and observe the response for unexpected behavior.
• database (mongodb): While the vulnerability isn't directly in MongoDB, monitor MongoDB logs for unusual activity originating from the Budibase Cloud application pods.
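A log triage script for the first detection item above, added here as an example and not code from the advisory or from Budibase: it flags error-level lines that mention `eval` or `inMemoryView.ts`, the indicators the advisory names, and tallies them per account so repeated attempts stand out. The log line layout and the sample lines are constructed for illustration; real Budibase log formats will differ and the parser regex must be adapted.

```javascript
// Indicators named in the advisory: errors from view filtering that mention
// 'eval' or the inMemoryView.ts module. \beval\b avoids matching 'evaluation'.
const INDICATOR = /\beval\b|inMemoryView\.ts/i;
const ERROR_LEVELS = new Set(['ERROR', 'FATAL']);

// Constructed line layout (an assumption, not Budibase's real format):
//   <ISO timestamp> <LEVEL> [req=<id> user=<account>] <message>
function parseLine(line) {
  const m = line.match(/^(\S+) (\S+) \[req=(\S+) user=([^\]]+)\] (.*)$/);
  if (!m) return null;
  return { ts: m[1], level: m[2].toUpperCase(), req: m[3], user: m[4], msg: m[5] };
}

// Return the parsed records that are both error-level and carry an indicator.
function findViewFilterIndicators(lines) {
  const hits = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;                       // skip lines in another format
    if (ERROR_LEVELS.has(rec.level) && INDICATOR.test(rec.msg)) hits.push(rec);
  }
  return hits;
}

// Count hits per account; a single malformed view is noise, a burst from one
// account is worth a closer look.
function countByUser(hits) {
  const counts = {};
  for (const h of hits) counts[h.user] = (counts[h.user] || 0) + 1;
  return counts;
}

// Accounts whose hit count reaches the threshold, sorted for stable output.
function flagAccounts(hits, threshold) {
  const counts = countByUser(hits);
  return Object.keys(counts).filter((u) => counts[u] >= threshold).sort();
}

// Constructed sample log: two indicator errors from one account, plus benign
// errors and an 'evaluation' message that must not trigger the word match.
const SAMPLE_LOG = [
  '2026-02-26T10:00:01Z INFO [req=a1 user=alice@example.com] GET /api/views/v1 200',
  '2026-02-26T10:00:05Z ERROR [req=a2 user=mallory@example.com] view filter failed in inMemoryView.ts: SyntaxError in map function',
  '2026-02-26T10:00:09Z ERROR [req=a3 user=mallory@example.com] eval threw ReferenceError: require is not defined',
  '2026-02-26T10:00:12Z ERROR [req=a4 user=bob@example.com] database timeout while reading table t1',
  '2026-02-26T10:00:15Z ERROR [req=a5 user=bob@example.com] evaluation of view filter exceeded time budget',
];

console.log(flagAccounts(findViewFilterIndicators(SAMPLE_LOG), 2));
```

Feed real log lines into `findViewFilterIndicators` and tune the threshold in `flagAccounts` to the normal error rate of your tenant before alerting on it.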
disclosure
Exploit status
EPSS
0.07% (22nd percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade to Budibase Cloud version 3.30.4 or later. For environments where immediate upgrades are not possible, consider restricting user permissions to limit the potential impact of a successful exploit. While not a complete solution, implementing strict input validation on user-supplied data used in view map functions can help reduce the attack surface. Monitor Budibase Cloud logs for suspicious activity, particularly any unusual JavaScript execution patterns. There are no specific WAF rules or detection signatures readily available, making timely patching crucial.
Update Budibase Cloud to version 3.30.4 or later. This version contains a fix for the Remote Code Execution vulnerability. The update reduces the risk of authenticated users executing arbitrary JavaScript code on the server.
CVE-2026-27702 is a critical Remote Code Execution vulnerability in Budibase Cloud allowing authenticated users to execute arbitrary JavaScript code on the server. It affects versions before 3.30.4.
If you are using Budibase Cloud (SaaS) and have not upgraded to version 3.30.4 or later, you are vulnerable. Self-hosted Budibase deployments are not affected.
Upgrade Budibase Cloud to version 3.30.4 or later. Consider implementing stricter access controls as a temporary mitigation.
No active exploitation campaigns have been confirmed, but the vulnerability's severity and ease of exploitation suggest a potential risk.
Refer to the official Budibase security advisory on their website for detailed information and updates: [https://budibase.com/security/advisories](https://budibase.com/security/advisories)