CVE-2026-30240 - Vulnerability Analysis
CriticalCVSS: 9.6Last Updated: March 11, 2026
Budibase - Path Traversal
Overview
Budibase <= 3.31.5 contains a path traversal caused by unsanitized path.join() usage in PWA ZIP processing endpoint, letting authenticated builder users read arbitrary server files including sensitive environment variables.
Severity & Score
Impact
Authenticated builder users can read sensitive files, leading to full platform compromise by exfiltrating cryptographic secrets and service credentials.
Mitigation
Update to a version later than 3.31.5 or the latest available version.
Social Media Activity(2 posts)
š“ CVE-2026-30240 - Critical (9.6) Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenti... š https://www.thehackerwire.com/vulnerability/CVE-2026-30240/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš“ CVE-2026-30240 - Critical (9.6) Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path traversal vulnerability in the PWA (Progressive Web App) ZIP processing endpoint (POST /api/pwa/process-zip) allows an authenti... š https://www.thehackerwire.com/vulnerability/CVE-2026-30240/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-30240
- Severity
- Critical
- CVSS Score
- 9.6
- Type
- path_traversal
- Status
- unconfirmed
- EPSS
- 2.9%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N