2 matches found
CVE-2026-48147 Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
Budibase is an open-source low-code platform. Prior to 3.35.4, in the buildMatcherRegex / matches functions in packages/backend-core/src/middleware/matchers.ts, route patterns are compiled into unanchored regular expressions and tested against ctx.request.url, which includes the full query string. Th...
CVE-2026-48147
creationtimestamp| type| source
---|---|---
2026-05-21 08:44:07+00:00| published-proof-of-concept| https://github.com/Budibase/budibase/security/advisories/GHSA-wxq7-x3qp-vcr8
2026-05-27 19:55:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmubzsxsj62o...