Description

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other connection parameters are directly interpolated into a shell command. This affects packages/server/src/integrations/postgres.ts.

INFO

Published Date :

2026-03-09T19:53:10.448Z

Last Modified :

2026-03-09T20:34:21.741Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25041 vulnerability.

Vendors Products
Budibase
  • Budibase
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25041.

URL Resource
https://github.com/Budibase/budibase/blob/f34d545602a7c94427bae63312a5ee9bf2aa6c85/packages/server/src/integrations/postgres.ts#L529-L531 cve-icon cve-icon
https://github.com/Budibase/budibase/commit/9fdbff32fb9e69650ba899a799e13f80d9b09e93 cve-icon cve-icon
https://github.com/Budibase/budibase/security/advisories/GHSA-726g-59wr-cj4c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact