CVE-2026-46426 | budibase up to 3.38.1 File Upload Endpoint /api/attachments/process cross site scripting (GHSA-82rc-gxrg-v4gf)

Inserito da Angelo Barbosa | Mag 27, 2026 | CVE

A vulnerability, which was classified as problematic, was found in budibase up to 3.38.1. The impacted element is an unknown function of the file /api/attachments/process of the component File Upload Endpoint. Such manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2026-46426. The attack may be launched remotely. There is no exploit available.

You should upgrade the affected component.

CVE-2026-46426 | budibase up to 3.38.1 File Upload Endpoint /api/attachments/process cross site scripting (GHSA-82rc-gxrg-v4gf)

Post correlati

CVE-2025-3090 | MB connect line/Helmholz mbCONNECT24/mymbCONNECT24/myREX24/myREX24.virtual up to 2.17.x missing authentication (VDE-2025-034)

CVE-2025-50584 | StudentManage 1.0 Add A New Teacher Module cross site scripting

CVE-2025-42945 | SAP NetWeaver Application Server ABAP up to KRNL64UC 7.53 cross site scripting

CVE-2025-66736 | youlai-boot 2.21.1 SysUserController.java importUsers authorization