GHSA-w7mq-r738-x278

Critical

GHSA-w7mq-r738-x278

(CVE-2026-54352)

Published Jun 22, 2026

CVSS

9.6

CRITICAL

EPSS

Exploit Prediction Scoring System — the modeled probability of in-the-wild exploitation in the next 30 days.

—

Affected packages

Summary

Budibase has arbitrary file read by workspace-builder via PWA-zip symlink upload

Developer impact

Recommended action

Affected packages

Sources