3 matches found
CVE-2026-45061
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes".tar.gz". Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...
EUVD-2026-32586
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint POST /api/plugin validates the submitted URL with a single substring check: url.includes".tar.gz". Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes thi...
PT-2026-39904
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.10 Description The Plugin URL upload endpoint "POST /api/plugin" contains a flaw in how it validates submitted URLs. It uses a simple substring check to verify if the url variable contains ".tar.gz", which can b...