Budibase Low-Code Platform Suffers Critical RCE Flaw


CVE Notify is flagging a serious remote code execution (RCE) vulnerability impacting Budibase, a popular open-source low-code platform. The flaw, designated CVE-2026-35216, allows unauthenticated attackers to gain control of the Budibase server. According to CVE Notify, the exploit involves triggering an automation that includes a Bash step through the platform’s public webhook endpoint. Crucially, no authentication is needed to pull off this attack, meaning a breach could happen silently and without prior access.

The severity of this RCE is amplified by the fact that the malicious code executes with root privileges within the container. This level of access grants an attacker the keys to the kingdom, enabling them to potentially compromise the entire environment. Thankfully, CVE Notify reports that this critical vulnerability has been addressed in Budibase version 3.33.4, so upgrading is the immediate fix.

What This Means For You

  • For organizations utilizing Budibase, the immediate priority should be to confirm their current version and upgrade to 3.33.4 or later to remediate CVE-2026-35216. Given the exploit's unauthenticated nature and root-level execution, delaying this update leaves your environment exposed to a high-impact compromise.

Related ATT&CK Techniques

T1190 Initial Access (severity: high)

Detection Rules

1 rule · 6 SIEM formats. 1 detection rule mapped to MITRE ATT&CK.

Web Application Exploitation Attempt — CVE-2026-35216 (Sigma)

Source: Shimi's Cyber World
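The two practical actions this page calls for are the remediation check (is the installed Budibase release older than 3.33.4?) and the T1190 detection for calls to the public webhook trigger. The block below is an added example, not code from the original page or from the Budibase project: it implements a version comparison that handles pre-release tags and multi-digit components, and runs a simple triage over constructed access-log lines, raising the alert severity when the instance is still unpatched. The webhook route prefix, the expected-caller set, the log lines and the alert format are assumptions made for this example; confirm the route against your own deployment.

```python
import re
from collections import Counter

FIXED_VERSION = "3.33.4"  # first patched release named in the advisory

# Assumed route prefix for Budibase's public webhook trigger endpoint; confirm it
# against your own deployment before relying on this in production.
WEBHOOK_TRIGGER_PREFIX = "/api/webhooks/trigger/"

# Constructed: sources that are expected to call the webhook (internal integrations).
EXPECTED_CALLERS = {"10.0.0.5"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines in combined access-log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [23/May/2026:10:00:01 +0000] "POST /api/webhooks/trigger/app_dev_abc/wh_123 HTTP/1.1" 200 51
203.0.113.9 - - [23/May/2026:10:00:07 +0000] "POST /api/webhooks/trigger/app_dev_abc/wh_123 HTTP/1.1" 200 51
203.0.113.9 - - [23/May/2026:10:00:08 +0000] "POST /api/webhooks/trigger/app_dev_abc/wh_123 HTTP/1.1" 200 51
203.0.113.9 - - [23/May/2026:10:00:09 +0000] "GET /builder HTTP/1.1" 302 0
198.51.100.4 - - [23/May/2026:10:01:00 +0000] "GET /api/webhooks/trigger/app_dev_abc/wh_123 HTTP/1.1" 404 12
"""


def parse_version(text):
    """Turn 'v3.33.4', '3.33.4-rc.1' or '3.33.4+build' into a comparable key.

    Numeric components are compared as integers (so 3.4.0 < 3.33.4, which a plain
    string comparison gets wrong) and a pre-release tag sorts before the release.
    """
    s = text.strip().lstrip("vV").split("+", 1)[0]
    core, _, prerelease = s.partition("-")
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in core.split(".")]
    parts += [0] * (3 - len(parts))  # '3.33' compares as 3.33.0
    return tuple(parts), 0 if prerelease else 1


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed Budibase release predates the fix."""
    return parse_version(installed) < parse_version(fixed)


def webhook_triggers(log_text):
    """Parsed entries that POST to the webhook trigger route."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        if entry["method"] == "POST" and entry["path"].startswith(WEBHOOK_TRIGGER_PREFIX):
            hits.append(entry)
    return hits


def triage(log_text, installed_version, expected_callers=EXPECTED_CALLERS):
    """Group webhook triggers by source; unexpected callers become T1190 alerts.

    The endpoint is public by design, so a single call is not proof of attack;
    what matters is who is calling and whether the instance is still unpatched.
    """
    severity = "high" if is_vulnerable(installed_version) else "medium"
    counts = Counter(e["ip"] for e in webhook_triggers(log_text))
    return [
        {
            "source_ip": ip,
            "hits": n,
            "severity": severity,
            "technique": "T1190",
            "rule": "Web Application Exploitation Attempt - CVE-2026-35216",
        }
        for ip, n in counts.items()
        if ip not in expected_callers
    ]


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG, "3.33.3"):
        print(alert)
```

Run against the constructed log with an unpatched version string, the triage ignores the expected internal caller and reports the external source that posted twice to the trigger route as a high-severity T1190 alert; the same traffic on a 3.33.4 instance is reported at medium severity, since the endpoint remains public after the fix and unexpected callers are still worth a look.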

Indicators of Compromise

ID | Type | Indicator
CVE-2026-35216 | RCE | Budibase prior to v3.33.4, RCE via public webhook endpoint triggering automation with Bash step.
CVE-2026-35216 | Privilege Escalation | Budibase prior to v3.33.4, RCE as root inside the container via public webhook endpoint.
CVE-2026-35216 | Auth Bypass | Budibase prior to v3.33.4, unauthenticated attacker can trigger RCE via public webhook endpoint.
