CRITICAL  CVE-2026-54350  CNA: GitHub_M

CVE-2026-54350: Budibase: Anonymous NoSQL operator injection via published-app query templates

Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app can read every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection and, where the builder has published a PUBLIC write query, modify every document of that collection with one HTTP request.

enrichContext at packages/server/src/sdk/workspace/queries/queries.ts:121-138 substitutes parameter values into the raw JSON body of a query and then JSON.parses the result. The validator validateQueryInputs at packages/server/src/api/controllers/query/index.ts:61-71 rejects only Handlebars markers ({{, }}) in user input and does not escape JSON metacharacters (", \, }). A parameter value containing a closing quote followed by additional keys therefore lifts attacker-controlled fields into the parsed filter object.

For a Mongo find, the parsed filter passes directly to collection.find() (packages/server/src/integrations/mongodb.ts:506-510). Because JSON.parse keeps the last of any duplicate keys, an injected {name: {$exists: true}} overrides the builder's {name: "..."} and the query returns every document. The same primitive against an updateMany query (mongodb.ts:577-585) widens the filter to the full collection, so the builder-controlled $set body runs against every document.

The authorized middleware at packages/server/src/middleware/authorized.ts:141-148 short-circuits when the query's role is PUBLIC, and CSRF is not enforced on this path. POST /api/v2/queries/:queryId (packages/server/src/api/routes/query.ts:63) therefore accepts the call with no session; the only required header is x-budibase-app-id, whose value is public from the published-app URL. This vulnerability is fixed in 3.39.12.
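As an added example (not Budibase's code), the TypeScript below models the substitute-then-parse pattern described above next to a hardened variant, and runs both against a constructed in-memory collection with a payload of the shape the advisory describes: a closing quote, a duplicate "name" key carrying {$exists: true}, and a trailing key to absorb the template's closing quote. The function names (enrichVulnerable, enrichHardened, rejectOperators, findDocs), the sample documents, the template, and the choice of "$comment" as the absorbing key (MongoDB accepts $comment in a filter as a no-op) are assumptions of this example, not details taken from the advisory.

```typescript
// Added example, not Budibase's code: a minimal model of parameter substitution
// into a raw JSON query body, in the vulnerable substitute-then-parse shape the
// advisory describes and in a hardened shape. All names and sample data below
// are assumptions made for this demonstration.

type Params = Record<string, string>;
type Doc = Record<string, unknown>;

// The only input guard the advisory credits the vulnerable path with:
// Handlebars markers are rejected, JSON metacharacters (" \ }) are not.
function rejectHandlebars(value: string): void {
  if (value.indexOf("{{") !== -1 || value.indexOf("}}") !== -1) {
    throw new Error("Handlebars markers are not allowed in query inputs");
  }
}

function substitute(template: string, name: string, text: string): string {
  return template.split("{{" + name + "}}").join(text);
}

// Vulnerable: raw parameter text becomes part of the JSON syntax, so a value
// with a closing quote and extra keys adds attacker-controlled keys to the filter.
function enrichVulnerable(template: string, params: Params): Doc {
  let body = template;
  for (const name of Object.keys(params)) {
    rejectHandlebars(params[name]);
    body = substitute(body, name, params[name]);
  }
  return JSON.parse(body) as Doc; // duplicate keys: the last one wins
}

// Hardened: insert the value as the *contents* of a JSON string literal (the
// template keeps its own surrounding quotes), then refuse any "$"-prefixed key
// that still reaches the parsed filter, as defence in depth.
function enrichHardened(template: string, params: Params): Doc {
  let body = template;
  for (const name of Object.keys(params)) {
    const escaped = JSON.stringify(params[name]).slice(1, -1); // drop outer quotes
    body = substitute(body, name, escaped);
  }
  const parsed = JSON.parse(body) as Doc;
  rejectOperators(parsed);
  return parsed;
}

function rejectOperators(node: unknown): void {
  if (Array.isArray(node)) {
    for (const item of node) rejectOperators(item);
  } else if (node !== null && typeof node === "object") {
    const obj = node as Doc;
    for (const key of Object.keys(obj)) {
      if (key.charAt(0) === "$") {
        throw new Error("query operator in user-supplied filter: " + key);
      }
      rejectOperators(obj[key]);
    }
  }
}

// Stand-in for the filter matching of collection.find()/updateMany(): supports
// equality, the {$exists: ...} operator the payload relies on, and a top-level
// $comment key, which MongoDB accepts in a filter without affecting matching.
function matches(doc: Doc, filter: Doc): boolean {
  return Object.keys(filter).every((field) => {
    const cond = filter[field];
    if (field === "$comment") return true;
    if (cond !== null && typeof cond === "object" && "$exists" in (cond as Doc)) {
      return (field in doc) === Boolean((cond as Doc)["$exists"]);
    }
    return doc[field] === cond;
  });
}

function findDocs(docs: Doc[], filter: Doc): Doc[] {
  return docs.filter((d) => matches(d, filter));
}

// Constructed sample data and a builder-style query template (assumptions).
const COLLECTION: Doc[] = [
  { name: "alice", email: "alice@example.test" },
  { name: "bob", email: "bob@example.test" },
  { name: "carol", email: "carol@example.test" },
];
const TEMPLATE = '{"name": "{{name}}"}';

// Closing quote, duplicate "name" key carrying an operator, then "$comment" to
// absorb the template's trailing quote. Contains no "{{" or "}}".
const PAYLOAD = 'x", "name": {"$exists": true}, "$comment": "';

function runVulnerable(): number {
  return findDocs(COLLECTION, enrichVulnerable(TEMPLATE, { name: PAYLOAD })).length;
}

function runHardened(): number {
  return findDocs(COLLECTION, enrichHardened(TEMPLATE, { name: PAYLOAD })).length;
}

function runLegitimate(): number {
  return findDocs(COLLECTION, enrichHardened(TEMPLATE, { name: "bob" })).length;
}

console.log(runVulnerable(), runHardened(), runLegitimate()); // 3 0 1
```

enrichVulnerable yields a filter whose name key has become {$exists: true}, so findDocs matches all three documents; the same filter handed to an updateMany would apply the builder's $set body to the whole collection, which is the write-side impact the advisory describes. enrichHardened keeps the payload inside the string value and matches nothing, while a legitimate value still matches exactly its own document.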

Metrics

CVSS v3.1 base score: 10.0
Severity: CRITICAL
Fixed in: 3.39.12
Affected products: 1


HarborGuard Analysis

Synopsis

NoSQL operator injection in Budibase, an open-source low-code platform, lets an unauthenticated network attacker reach the query execution endpoint of any published app with no credentials. A crafted parameter value that breaks out of the JSON template substitution lifts arbitrary MongoDB or CouchDB operators into the parsed filter object. Successful exploitation yields read access to every document in the backing collection and, where a PUBLIC write query has been published, write access to every document in that collection. The upstream fix is Budibase 3.39.12.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-54350 is active across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built Budibase images derived from the upstream base. Any image layer carrying a Budibase package version below 3.39.12 is flagged on the next pipeline scan or registry push.
Triage: Available

Triage uses the full CVSS v3.1 score of 10.0 (Critical), whose vector records a changed scope and no authentication requirement, and surfaces it alongside each customer org's compliance policy to set the urgency tier and routing. Findings are dispatched to the inbox or ticketing integration configured for the environment and prioritized against that org's SLA thresholds for Critical-severity issues.
Patch: Pending upstream

A patched-image rebuild at Budibase 3.39.12 becomes available in HarborGuard once the fix version is resolved against the advisory record. The advisory names 3.39.12 as the fixed version, but no fix version had yet been resolved against this record at the time of CVE issuance, so HarborGuard re-checks the advisory on every ingest cycle and will make the rebuild available as soon as the upstream package is confirmed. For customers who opt into auto-remediation, the rebuild triggers a regression-test run and a PR against affected workloads without manual intervention.

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint, POST /api/v2/queries/:queryId, is exposed over the network; an attacker must be able to reach the published Budibase app's HTTP interface.

  • Authentication: Not required

    The authorized middleware short-circuits for PUBLIC-role queries, so no session or credential is needed; the only required header, x-budibase-app-id, is visible in the published-app URL.

  • Victim interaction: Not required

    The attacker sends a single crafted HTTP request directly to the API endpoint; no click, browser visit, or other action by a victim is involved.

  • Attack complexity: Low

    The exploit is deterministic and needs no preconditions: breaking out of the JSON template requires only a well-formed parameter string, with no race, memory-layout dependency, or special environmental state.

Blast Radius

  • Reads every document in the backing MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST-with-JSON-body collection the published app is connected to, including records belonging to every application user.
  • Where the builder has published a PUBLIC write query, modifies every document in the targeted collection in a single HTTP request, because the widened filter applies the builder-defined $set body collection-wide.
  • The CVSS vector records a changed scope (S:C) because the impact lands on the backing database service, a component beyond the vulnerable Budibase server process, and from there on any downstream system that consumes or replicates that data.
  • Because the endpoint requires no session and CSRF is not enforced on the path, the request can be issued directly from any origin; no victim browser is needed.

How HarborGuard Handles This

Available on HarborGuard: detection of images carrying Budibase below 3.39.12 is active across all connected registries and CI pipelines, with Critical-severity routing applied immediately on ingest. The advisory names 3.39.12 as the fixed version, but no fix version had been resolved against this record when the CVE was issued, so HarborGuard monitors the advisory on every ingest cycle and will make a patched-image rebuild available as soon as 3.39.12 or a later fix version appears in the upstream package feed. In the interim, compensating controls available through HarborGuard include network-policy isolation rules that restrict inbound access to the Budibase query API to trusted internal networks (a network policy cannot itself enforce authentication, and a published app intended for anonymous users loses that audience), and egress-filtering recommendations that limit the database surface reachable from the app container. Because the authorized middleware bypasses authentication only for PUBLIC-role queries, removing PUBLIC access from queries against the affected datasource types also closes the unauthenticated path described above until the upgrade lands. For customers who opt into auto-remediation, once the upstream fix is confirmed the flow proceeds automatically: rebuilt image, regression-test run, and a PR opened against affected workloads, with a median time from CVE publication to merged patch PR of around 90 minutes for Critical-severity issues in environments with auto-remediation enabled.

Affected packages
  • Budibase / budibase
    < 3.39.12
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N