eastbaycyber

CVE-2026-54350: Budibase NoSQL Injection Vulnerability

CVE explainers 11 min read
SR
Security Research Desk Expert reviewed
Threat intelligence · Human-verified · Updated 2026-06-26
▲ Escalation ViewOne CVE, briefed at three altitudes — skim the Brief, weigh the Impact, or work the Runbook. The way a SOC actually reads it.
CISOBrief · 30-second brief
Field Value
CVE ID CVE-2026-54350
CVSS score 10.0
Attack vector Network
Auth required None
Patch status Fixed in 3.39.12; affected versions are prior to 3.39.12

TL;DR - Budibase versions before 3.39.12 are vulnerable to unauthenticated query injection in published apps. - Attackers may read all records from affected backends and may modify all records if a PUBLIC write query is exposed. - Patch immediately to 3.39.12 or later and review published app exposure.

What is CVE-2026-54350?

CVE-2026-54350 is a critical vulnerability in Budibase, the open-source low-code platform. The issue affects Budibase versions prior to 3.39.12, and the fixed release is 3.39.12. According to the NVD description, an unauthenticated visitor to a published Budibase app can read all documents from certain backend data sources. In some configurations, the same flaw can also let the attacker modify all documents with a single HTTP request.

The root cause is unsafe parameter substitution into raw JSON query bodies. Budibase interpolates user-controlled values into a JSON string and then parses that result. Input validation reportedly blocks Handlebars markers such as {{ and }}, but it does not properly escape JSON metacharacters. That creates an operator injection or NoSQL injection path: an attacker can close out the intended value and inject additional keys or operators into the parsed query object.

This matters because Budibase frequently sits in front of business data and internal workflows. Even if the platform itself is not Internet-wide, many organizations publish apps externally for customers, employees, or partners. A flaw that requires no authentication and targets published apps collapses the usual trust boundary.

The impact is not limited to one backend. The NVD description explicitly names MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, and REST-with-JSON-body collections as affected data source types. That broadens both the attack surface and the defensive challenge, because the vulnerable pattern is in query construction, not only in one database driver.

Exploitation status, PoC, and what is known

At the time of writing, there is no confirmed CISA KEV listing for CVE-2026-54350. That means there is no CISA-confirmed evidence of exploitation in the wild. Defenders should state that carefully: “not confirmed” is not the same as “not happening.” Critical unauthenticated bugs in public-facing application platforms can move quickly from disclosure to opportunistic scanning.

On proof-of-concept availability, the available research and source material describe a concrete exploitation method, but this research note did not identify a confirmed standalone public PoC repository. The methodology is still actionable for attackers: inject JSON metacharacters into a parameter, break out of the intended string context, add attacker-controlled keys or operators, and rely on JSON parsing behavior to widen or override the original filter. That is enough for many skilled operators even without a polished PoC repo.

Because neither a public PoC repository nor in-the-wild exploitation was confirmed in the supplied primary-source set, defenders should assume the following risk posture: the vulnerability is likely easy to weaponize due to the described mechanism, but public exploitation status is currently unknown. In the absence of hard telemetry, prioritize patching based on exposure and business impact, not on whether a PoC is trending on social media.

A practical takeaway for incident response teams is that absence of exploitation confirmation should not delay triage. The vulnerability affects a class of workflow apps often connected to sensitive operational data. Even short exposure windows may matter if published apps are internet accessible and logs are limited.

AnalystImpact · assess the risk

Quick impact assessment for defenders

From an operational perspective, this is a high-priority patch even though CISA KEV does not currently list CVE-2026-54350. KEV absence means there is no CISA confirmation of exploitation in the wild at this time, not that the issue is low risk. For internet-accessible Budibase deployments with published apps, defenders should treat the exposure as urgent because the prerequisites are minimal: a vulnerable version, a published app, and a query path that accepts attacker-controlled parameters.

The read impact is straightforward and severe. An unauthenticated visitor may be able to expand a filtered query into one that returns every document in a collection. The write impact depends on configuration. The NVD description states that bulk modification is possible where the builder has published a PUBLIC write query. That caveat is important: not every vulnerable deployment will have a write path, but any public write query should be considered especially dangerous until verified and patched.

There is also a secondary risk beyond direct data theft or modification. Once an attacker can enumerate all records in a collection, they may gain credentials, API tokens, internal IDs, workflow states, or PII that feeds follow-on attacks. Even where availability impact is not the headline, mass updates to records can disrupt business logic, trigger automation, or corrupt downstream reporting.

Because the available primary-source data does not include the exact CVSS vector string in the retrieved NVD output, defenders should avoid restating a full vector unless they verify it independently. What is safely supported is the CVSS 10.0 score, the unauthenticated nature of the attack, and the network-reachable exposure condition through published apps.

Who is affected?

The affected product is Budibase, specifically the server-side functionality involved in handling app queries. The vulnerable version range is clearly stated as all versions prior to 3.39.12, and the fixed version is 3.39.12. If you are running 3.39.11 or earlier, you should assume you are affected until proven otherwise. If you are already on 3.39.12 or later, confirm that all nodes, containers, and environments were actually upgraded.

Exposure depends on how Budibase is used. The issue is relevant when an app is published and reachable by unauthenticated users. In addition, the published app must expose a query path using the vulnerable JSON-body substitution behavior. For write impact, the app must also expose a PUBLIC write query. If you do not know whether your builders created such queries, assume exposure until you audit the app definitions.

The named backend data sources are significant because they indicate the attack is not theoretical or isolated to one integration. Based on the NVD description, impacted backing stores include:

Backend type Potential impact
MongoDB Read all documents; possible mass modification on public write queries
CouchDB Read all documents; possible mass modification on public write queries
Elasticsearch Read all documents; possible mass modification depending on query exposure
DynamoDB-PartiQL Read all documents; possible mass modification depending on public write path
REST-with-JSON-body Read or modify backend records where Budibase passes attacker-influenced JSON bodies

If you operate Budibase in a multi-tenant or shared internal environment, the blast radius may be larger than one app. A single published app can act as the doorway into backend datasets that were assumed to be protected by application-side filtering. That is why inventorying published apps matters as much as version checking.

How the vulnerability works

The described vulnerable path involves unsafe substitution of user input into a raw JSON body, followed by JSON.parse. The advisory context points to logic in enrichContext and validation in validateQueryInputs, with downstream use in integrations such as MongoDB query handling. The dangerous pattern is that user input is inserted into JSON as text rather than treated as safe, typed data.

Conceptually, a builder might intend to create a query body like this:

{"name":"<user-supplied-value>"}

If the application inserts the parameter directly into the JSON string without escaping metacharacters, an attacker can supply input that terminates the original string and injects new JSON structure. The end result may widen the query from a specific record match to a condition that matches many or all records.

Technical Notes

The NVD description specifically references duplicate-key behavior and operator injection in MongoDB-style queries. A builder-intended filter like the following:

{"name":"alice"}

can, after unsafe interpolation and parsing, be transformed into a filter effectively resembling:

{"name":{"$exists":true}}

That changes semantics from “find records named alice” to “find all records that have a name field,” which can be most or all documents in the collection.

The same widening concept can affect update flows. If a public write query exists and the filter is widened to match all records, an updateMany-style path may modify the entire collection in one request. Defenders should pay special attention to any published app that exposes create, update, or workflow actions to unauthenticated users, especially where raw JSON bodies are used in backend queries.

ResponderRunbook · act now

Detection and investigation

Detection is challenging because exploitation may look like normal app traffic hitting a published endpoint, not an obvious exploit path. Start by inventorying all Budibase instances and identifying those running versions prior to 3.39.12. Then enumerate all published apps, and within those apps, identify queries that target the named backend types and accept user-supplied parameters.

Next, review whether any app exposes PUBLIC write queries. The highest-risk pattern is a published app reachable without login that submits search or update parameters into backend JSON queries. If you cannot quickly determine whether such patterns exist, assume they do and move directly to containment and patching.

Because Budibase deployments vary, exact log fields may differ. In the absence of official vendor detection guidance in the available sources, defenders should focus on suspicious requests to published app query endpoints that include JSON metacharacters or operator strings in user-controlled parameters. Look for sudden spikes in unauthenticated requests followed by abnormally large result sets or widespread record changes.

Technical Notes

A practical hunt pattern is to search reverse-proxy or application logs for query parameters containing operator strings or injected JSON fragments. Example patterns to look for include values containing "$exists", "},", escaped quotes, or other metacharacters in parameters normally expected to be simple names or IDs.

(\$exists|\$ne|\$gt|\$where|"},\s*,\s*"|\\")

Example Splunk search against HTTP access logs:

index=web sourcetype=access_combined ("$exists" OR "$ne" OR "$gt" OR "\"}," OR "\\\"")
| stats count by src_ip, uri_path, http_method, user_agent
| sort - count

Example Sigma-style idea for proxy logs:

title: Suspicious Budibase Published App Query Injection Attempts
logsource:
  product: webserver
detection:
  selection:
    cs-uri-query|contains:
      - "$exists"
      - "$ne"
      - "\"},"
      - "\\\""
  condition: selection
level: high

If you have database telemetry, look for unexpected full-collection reads or bulk updates originating from the Budibase service account shortly after anonymous web requests. Even if the app logs do not preserve full payloads, correlation between anonymous requests and unusual backend query volume can be a strong indicator.

Mitigation and patching

The primary remediation is to upgrade Budibase to 3.39.12 or later. The vulnerable range is before 3.39.12, and that fixed version is the supported boundary from the available sources. If you run multiple environments, patch production, staging, and any internet-reachable test instance. Security incidents often originate from forgotten non-production systems with real data or shared credentials.

If you cannot patch immediately, reduce exposure. Unpublish affected apps where feasible, require authentication for access, and disable or restrict PUBLIC write queries. If business needs prevent full unpublishing, place the app behind an access control layer such as SSO, VPN, IP allowlisting, or a reverse proxy that blocks anonymous access while you complete the upgrade.

Do not rely solely on WAF filtering of strings like $exists. This flaw is rooted in unsafe application-side query construction, and attacker input may be encoded or varied. Temporary filtering can reduce noise, but it is not a substitute for upgrading. Also review whether sensitive backend collections are overly exposed to app-layer service accounts; least privilege can limit blast radius even when an application bug is present.

Technical Notes

The exact upgrade command depends on how you deploy Budibase. If you use Docker Compose or plain Docker images, upgrade the image tag to 3.39.12 or later and redeploy. Example pattern:

# Verify current image
docker ps --format "table {{.Names}}\t{{.Image}}"

# Pull fixed release
docker pull budibase/budibase:3.39.12

# Update your compose file or deployment manifest, then redeploy
docker compose pull
docker compose up -d

If you deploy via Kubernetes, update the container image tag and roll out the change:

kubectl set image deployment/budibase budibase=budibase/budibase:3.39.12 -n budibase
kubectl rollout status deployment/budibase -n budibase

For temporary containment where upgrade is delayed, disable anonymous exposure to published apps at the edge. Example NGINX pattern to restrict access:

location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
    proxy_pass http://budibase_upstream;
}

Also audit app definitions for public queries and remove or restrict write-capable ones. If you do not know how many exist, assume some do and prioritize published apps connected to MongoDB, CouchDB, Elasticsearch, DynamoDB-PartiQL, or REST backends using JSON bodies.

Validation after remediation

After upgrading to 3.39.12 or later, verify the running version on every node and confirm there are no stale containers, pods, or autoscaling templates still pinned to an affected release. It is common to patch the main deployment but leave worker nodes or standby environments behind.

Then test representative published apps, especially those with search and write functionality. Confirm that normal user input works, that special characters are handled safely, and that public endpoints no longer allow query widening. If you have pre-production, this is a good case for regression tests that submit malicious JSON metacharacters in app parameters and assert that the backend query does not change semantics.

Finally, perform a retrospective review for possible compromise. Because unauthenticated read access may not leave obvious signs, examine request logs, backend query volumes, and suspicious record changes since the vulnerable version was exposed. Where sensitive data may have been accessible, prepare for breach assessment and notification decisions based on your regulatory obligations.

References

Primary sources for this article:

In short, CVE-2026-54350 is a critical, unauthenticated Budibase vulnerability with serious data exposure potential in versions before 3.39.12. Even without confirmed in-the-wild exploitation or a confirmed public PoC repository from the available source set, the impact and low barrier to abuse make this an immediate patching and exposure-review priority.

For further reading on security practices, check our articles on what is Just-In-Time Access and what is salting.

This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.

Last verified: 2026-06-26

Disclaimer: This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.