Package impact
npm / @budibase/backend-core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41428 | critical | 9.1 | 9.1 | | | | 1mo ago | Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints |
| CVE-2026-42239 | high | 8.1 | 8.1 | | | | 23d ago | Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover |