CVE-2026-54350 | budibase up to 3.39.11 JSON Parser queries.ts collection.find sql injection (GHSA-8qv3-p479-cj62)

Inserito da Angelo Barbosa | Giu 27, 2026 | CVE

A vulnerability was found in budibase up to 3.39.11. It has been declared as critical. Affected is the function collection.find of the file packages/server/src/sdk/workspace/queries/queries.ts of the component JSON Parser. Such manipulation leads to sql injection.

This vulnerability is referenced as CVE-2026-54350. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-54350 | budibase up to 3.39.11 JSON Parser queries.ts collection.find sql injection (GHSA-8qv3-p479-cj62)

Post correlati

CVE-2026-0835 | IBM Sterling B2B Integrator up to 6.1.2.7_2/6.2.0.5_1/6.2.1.1_1/6.2.2.0 cross site scripting

CVE-2022-45186 | SalesAgility SuiteCRM 7.12.7 improper authentication

CVE-2024-6588 | Blubrry PowerPress Podcasting Plugin up to 11.9.10 on WordPress media_url cross site scripting

CVE-2023-50855 | Sam Perrow Pre Party Resource Hints Plugin up to 1.8.18 on WordPress sql injection