VIR Vulnerability Intelligence Relay

Package impact

npm NPM / @budibase/backend-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-42239 high 8.1 8.1 22d ago Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover