GHSA-jj36-r9w3-3pfh

High

GHSA-jj36-r9w3-3pfh

(CVE-2026-50136)

Published Jun 22, 2026

CVSS

7.4

HIGH

EPSS

Exploit Prediction Scoring System — the modeled probability of in-the-wild exploitation in the next 30 days.

—

Affected packages

Summary

Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials

Developer impact

Recommended action

Affected packages

Sources