Budibase Low-Code Platform Suffers Critical RCE Flaw
CVE Notify is flagging a serious remote code execution (RCE) vulnerability impacting Budibase, a popular open-source low-code platform. The flaw, designated CVE-2026-35216, allows unauthenticated attackers to gain control of the Budibase server. According to CVE Notify, the exploit involves triggering an automation that includes a Bash step through the platform's public webhook endpoint. Crucially, no authentication is needed to pull off this attack, meaning a breach could happen silently and without prior access.
The severity of this RCE is amplified by the fact that the malicious code executes with root privileges within the container. This level of access grants an attacker the keys to the kingdom, enabling them to potentially compromise the entire environment. Thankfully, CVE Notify reports that this critical vulnerability has been addressed in Budibase version 3.33.4, so upgrading is the immediate fix.
What This Means For You
- For organizations utilizing Budibase, the immediate priority should be to confirm their current version and upgrade to 3.33.4 or later to remediate CVE-2026-35216. Given the exploit's unauthenticated nature and root-level execution, delaying this update leaves your environment exposed to a high-impact compromise.
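As an added example (not code from CVE Notify or the Budibase project), the check below takes Budibase version strings as you might collect them from container image tags or deployment manifests and reports which instances still fall below the 3.33.4 fix for CVE-2026-35216. The fixed version comes from the advisory; the sample version strings are constructed, and how you gather versions from your own inventory is an assumption. It compares numerically so that a release such as 3.4.0 is correctly ranked below 3.33.4, and treats a pre-release of the fixed version conservatively as not yet fixed.

```python
import re
from typing import Dict, Iterable, Tuple

# Fixed release per the advisory; anything numerically below this is affected.
FIXED_VERSION = "3.33.4"

# Accepts an optional "v" prefix and an optional -prerelease or +build suffix.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([-+][0-9A-Za-z.\-]*)?$")


def parse_version(text: str) -> Tuple[int, int, int, bool]:
    """Return (major, minor, patch, is_prerelease) for a semver-style string."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = match.groups()
    # A "-rc.1"-style suffix marks a pre-release; "+build" metadata does not.
    is_prerelease = suffix is not None and suffix.startswith("-")
    return (int(major), int(minor), int(patch), is_prerelease)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is older than the fixed release.

    Tuple comparison on integers avoids the lexical trap where "3.4.0" would
    sort after "3.33.4". A pre-release of the fixed version itself is treated
    as still vulnerable, since it predates the final fixed build.
    """
    core = parse_version(version)[:3]
    fixed_core = parse_version(fixed)[:3]
    if core < fixed_core:
        return True
    if core == fixed_core and parse_version(version)[3]:
        return True
    return False


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Map each collected version string to an action for the remediation list."""
    return {v: ("UPGRADE" if is_vulnerable(v) else "ok") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory; replace with versions from your own deployments.
    inventory = ["v3.33.3", "3.4.0", "3.33.4-rc.1", "3.33.4", "3.34.0+build.7"]
    for version, action in triage(inventory).items():
        print(f"{version:>16}  {action}")
```

Feed it the image tags or `package.json` versions from every Budibase deployment you run; any entry marked UPGRADE should be moved to 3.33.4 or later, and because the flaw is reachable without authentication, treat those hosts as exposed until the upgrade lands.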
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-35216 | RCE | Budibase prior to v3.33.4, RCE via public webhook endpoint triggering automation with Bash step. |
| CVE-2026-35216 | Privilege Escalation | Budibase prior to v3.33.4, RCE as root inside the container via public webhook endpoint. |
| CVE-2026-35216 | Auth Bypass | Budibase prior to v3.33.4, unauthenticated attacker can trigger RCE via public webhook endpoint. |