{"vulnerability": "cve-2026-50136", "sightings": [{"uuid": "4b997e7e-97ec-4159-8ac3-acfd488b4869", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50136", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-jj36-r9w3-3pfh", "content": "", "creation_timestamp": "2026-05-28T09:02:01.000000Z"}, {"uuid": "5a4ee430-061f-4358-95fe-9b54c4084767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50136", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7wsw7ek52c", "content": "CVE-2026-50136 - Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials\nCVE ID : CVE-2026-50136\n \n Published : June 26, 2026, 8:36 p.m. | 1\u00a0hour, 8\u00a0minutes ago\n \n Description : Budibase is an open-source low-code pl...", "creation_timestamp": "2026-06-26T21:57:27.970291Z"}, {"uuid": "cbcc9a9b-4b3c-4904-b6a6-1f5bc902c867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50136", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpbgn6otjo2j", "content": "CVE-2026-50136 - Supply Chain Attack in Budibase. Unauthenticated endpoint exposes S3 presigned URLs. CVSS 7.4. No known patch. Mitigate immediately. #CVE #Budibase #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-50136/", "creation_timestamp": "2026-06-27T12:13:15.011957Z"}]}