9.0
Budibase: Malicious files can be uploaded via UI bypass
CVE-2026-25737
Summary
Budibase enforces its configured file extension restrictions only in the UI, so an attacker can bypass them and upload malicious files. This can lead to security issues, so update to a fixed version when one becomes available to protect your data and systems.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| budibase | budibase | <= 3.24.0 | – |
Original title
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restriction...
Original description
Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these restrictions and upload malicious files.
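The missing control described above is a server-side check that applies the configured extension list no matter which client sent the request. The following is an added example, not Budibase code: the function names `parseAllowlist` and `checkUploadName`, the reason strings, and the sample allowlist are all hypothetical.

```javascript
// Added example (not Budibase code): enforce an upload extension allowlist
// on the server. All names and reason strings here are hypothetical.

// Normalise a configured list such as ".PNG, jpg" into the Set {"png", "jpg"}.
function parseAllowlist(configured) {
  return new Set(
    configured
      .split(",")
      .map((e) => e.trim().toLowerCase().replace(/^\./, ""))
      .filter((e) => e.length > 0)
  );
}

// Decide whether a client-supplied filename may be stored. This must run in
// the upload request handler, because any HTTP client can skip the UI check.
// Returns { ok: true, ext } or { ok: false, reason }.
function checkUploadName(filename, allowlist) {
  if (typeof filename !== "string" || filename.length === 0 || filename.length > 255) {
    return { ok: false, reason: "invalid-name" };
  }
  // Control characters (including NUL) and path separators are never valid.
  if (/[\x00-\x1f\x7f\/\\]/.test(filename)) {
    return { ok: false, reason: "illegal-character" };
  }
  // Some filesystems strip trailing dots and spaces, which would change the
  // effective extension after the check, so reject instead of normalising.
  if (/[. ]$/.test(filename)) {
    return { ok: false, reason: "trailing-dot-or-space" };
  }
  // Only the final extension counts: "invoice.pdf.html" is an HTML file.
  const dot = filename.lastIndexOf(".");
  if (dot <= 0) {
    return { ok: false, reason: "no-extension" };
  }
  const ext = filename.slice(dot + 1).toLowerCase();
  if (!allowlist.has(ext)) {
    return { ok: false, reason: "extension-not-allowed" };
  }
  return { ok: true, ext };
}

// Constructed sample: the allowlist an app builder might configure.
const SAMPLE_ALLOWLIST = parseAllowlist(".PNG, jpg, pdf");
```
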
NVD CVSS 3.1
8.9
Vulnerability type
CWE-602
CWE-79: Cross-site Scripting (XSS)
CWE-918: Server-Side Request Forgery (SSRF)
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026