Hugo | DevOps | Cybersecurity

CVE-2026-50136 - Supply Chain Attack in Budibase. Unauthenticated endpoint exposes S3 presigned URLs. CVSS 7.4. No known patch. Mitigate immediately. #CVE #Budibase #infosec

https://www.valtersit.com/cve/CVE-2026-50136/

CVE-2026-50136 | Budibase | Valters IT Hub

Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an unauthenticated endpoint that generates S3 PutObject presi...

Valters IT Hub
12:13pmValtersIT_Com
Show threadSomeVeganCheeseIsOk9h ago
@hugovalters "need storage? Budibase has free storage! No data types denied."
Show threadHugo | DevOps | Cybersecurity8h ago
@SomeVeganCheeseIsOk Haha, exactly! 'Budibase Cloud Storage Subscription — now with 100% discount for anonymous users.' 😭 Ironically, I'm actually upgrading my own infra and buying more disk space for a new databases today... maybe I should have just used Budibase's leaked S3 buckets instead?