Vulnerabilities

Report: CVE-2026-25044 - Budibase: Command Injection in Bash Automation Step

2026-04-03 0 views admin

CVE ID :CVE-2026-25044 Published : April 3, 2026, 3:38 p.m. | 8 minutes ago Description :Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing arbitrary command execution. This issue has been patched in version 3.33.4. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-25044

Severity

LOW

Published

April 3, 2026

🏷️ Tags

report25044budibasecommandinjectionautomationpublishedminutescverce

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-25044 - Budibase: Command Injection in Bash Automation Step

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-31398 - mm/rmap: fix incorrect pte restoration for lazyfree folios", "Content": "CVE ID

Report: CVE-2026-31400 - sunrpc: fix cache_request leak in cache_release

Report: Update: CVE-2025-59709 - Biztalk360 Directory Traversal Vulnerability

Report: CVE-2026-31399 - nvdimm/bus: Fix potential use after free in asynchronous initialization - Full Analysis

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting