{"vulnerability": "cve-2026-54352", "sightings": [{"uuid": "483fba80-eac1-4586-b63d-d07276e8df52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mow4im4pyb2r", "content": "A single Budibase app builder can read every secret on your server.\n\nA rigged app-icon upload exposes the master keys, forges an admin token, and reaches every workspace.\n\nSelf-hosted? Update to 3.39.9 and rotate secrets. (CVE-2026-54352)", "creation_timestamp": "2026-06-23T00:12:27.775773Z"}, {"uuid": "4864f77a-fde9-433f-8769-d9dd7b307a50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7y5eswhr2c", "content": "CVE-2026-54352 - Budibase: Arbitrary file read by workspace-builder via PWA-zip symlink upload\nCVE ID : CVE-2026-54352\n \n Published : June 26, 2026, 8:32 p.m. | 1\u00a0hour, 12\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pw...", "creation_timestamp": "2026-06-26T22:21:12.234822Z"}, {"uuid": "df80e4f3-045c-43ac-ab01-6d4db2f9b0e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mpdmouqwyg2u", "content": "CVE-2026-54352 - Critical Path Traversal in Budibase. Symlink extraction allows reading arbitrary files. CVSS 9.6. Unpatched - limit builder access immediately. 
#CVE #Budibase #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-54352/", "creation_timestamp": "2026-06-28T09:06:53.641937Z"}, {"uuid": "66d8cbca-5614-4df0-af1c-3b5e9cc6e10c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mpdt2kkhgd2y", "content": "\ud83d\udd34 CVE-2026-54352 - Critical (9.6)\n\nBudibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at pac...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-54352/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-28T11:00:49.141725Z"}, {"uuid": "1764ae23-1174-47e8-a669-72f6ff7c4b89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mph77k3sah23", "content": "CVE-2026-54352 vulnerability in Budibase: security threat and protection methods\n\n\n\nhttps://kripta.biz/posts/A0DB0CCD-330D-495C-8969-C700C2628D60", "creation_timestamp": "2026-06-29T19:16:19.132727Z"}, {"uuid": "9c5e4e6d-5a26-4abf-b92c-08851a6412b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mpkqov5yzy2e", "content": "\ud83d\udccc CVE-2026-54352 - Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a bu... 
https://www.cyberhub.blog/cves/CVE-2026-54352", "creation_timestamp": "2026-07-01T05:07:07.931884Z"}, {"uuid": "c974d78c-b5c2-4d72-bf50-020c10a27760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-54352", "type": "seen", "source": "https://bsky.app/profile/roguelogics.bsky.social/post/3mplhihbycq2r", "content": "\ud83d\udea8 Patch Alert: CVE-2026-54352 is a high-severity vulnerability affecting widely-used software. This flaw can allow unauthorized remote code execution, putting sensitive data at risk. Our team urges you to patch this vulnerability immediately to mitigate potential threats. Staying ahead of threats\u2026", "creation_timestamp": "2026-07-01T11:55:08.001881Z"}]}