CVE-2026-41428— Budibase 授权问题漏洞

Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints

Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query parameter. For example, POST /api/global/users/search?x=/api/system/status bypasses all authentication because the regex /api/system/status/ matches in the query string portion of the URL. This vulnerability is fixed in 3.35.4.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

认证机制不恰当

Budibase 授权问题漏洞

Budibase是英国Budibase开源的一个用于在几分钟内创建内部应用程序、工作流和管理面板的低代码平台。 Budibase 3.35.4之前版本存在授权问题漏洞，该漏洞源于经过身份验证的中间件使用非锚定正则表达式匹配ctx.request.url中的公共端点模式，攻击者可通过将公共端点路径作为查询参数附加来绕过所有身份验证。

N/A

N/A