Package impact
npm / @budibase/backend-core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42239 | high | 8.1 | 8.1 | 23d ago | Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover |
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42239 | high | 8.1 | 8.1 | 23d ago | Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover |