CVE-2026-41428— Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41428
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
Source: NVD (National Vulnerability Database)
Vulnerability Description
Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Since ctx.request.url in Koa includes the query string, an attacker can access any protected endpoint by appending a public endpoint path as a query parameter. For example, POST /api/global/users/search?x=/api/system/status bypasses all authentication because the regex /api/system/status/ matches in the query string portion of the URL. This vulnerability is fixed in 3.35.4.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Budibase 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Budibase是英国Budibase开源的一个用于在几分钟内创建内部应用程序、工作流和管理面板的低代码平台。 Budibase 3.35.4之前版本存在授权问题漏洞,该漏洞源于经过身份验证的中间件使用非锚定正则表达式匹配ctx.request.url中的公共端点模式,攻击者可通过将公共端点路径作为查询参数附加来绕过所有身份验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2026-41428
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41428
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-41428 (1)
IV. Related Vulnerabilities
Same product: budibase
- CVE-2026-48147
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypa - CVE-2026-48148
Budibase: Unvalidated VectorDB Host Parameter Enables SSRF - CVE-2026-45548
Budibase: SSRF in AI Extract File Automation Step via Missin - CVE-2026-45715
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource I - CVE-2026-45716
Budibase: Builder-to-Admin Privilege Escalation via onboardU
Same vendor: Budibase
- CVE-2026-48147
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypa - CVE-2026-48148
Budibase: Unvalidated VectorDB Host Parameter Enables SSRF - CVE-2026-45548
Budibase: SSRF in AI Extract File Automation Step via Missin - CVE-2026-45715
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource I - CVE-2026-45716
Budibase: Builder-to-Admin Privilege Escalation via onboardU
Same weakness: CWE-287
- CVE-2026-44720
OpenLearnX: Critical Authentication Bypass via JWT Signature - CVE-2026-47272
pam_usb: OTP pad authentication bypass via missing system pa - CVE-2026-7876
Authentication bypass vulnerability found in Aspera High-Spe - CVE-2026-8994
Login with NEAR <= 0.3.3 - Authentication Bypass via 'accoun - CVE-2026-44847
MaxKB: Webhook Trigger Authentication Bypass
V. Comments for CVE-2026-41428
No comments yet