TheHackerWire3d ago

🔴 CVE-2026-35216 - Critical (9)

Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35216/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Show threadthreatchain
@thehackerwire The webhook + automation combo is becoming a common attack vector in low-code platforms. The fact this bypasses auth entirely makes it particularly nasty - attackers just need to find the webhook URL to get shell access.
Apr 6 at 9:07pmWeb