CVE-2026-54352 Overview
CVE-2026-54352 affects Budibase, an open-source low-code platform. Versions prior to 3.39.9 accept builder-uploaded ZIP archives at the POST /api/pwa/process-zip endpoint and extract them using extract-zip@2.0.1. The extractor preserves absolute symlink targets during extraction. The icon-source validator fails to reject symbolic-link entries, allowing a workspace-level builder to read arbitrary files accessible to the server process. This is a path traversal vulnerability tracked as [CWE-22].
Critical Impact
Any authenticated workspace builder can exfiltrate arbitrary files readable by the Budibase server process, including configuration files, credentials, and application secrets.
Affected Products
- Budibase versions prior to 3.39.9
- packages/server component handling PWA ZIP processing
- Deployments using extract-zip@2.0.1 for archive extraction
Discovery Timeline
- 2026-06-26 - CVE-2026-54352 published to NVD
- 2026-06-30 - Last updated in NVD database
Technical Details for CVE-2026-54352
Vulnerability Analysis
The vulnerability chains three flawed behaviors into an arbitrary file read primitive. First, extract-zip@2.0.1 preserves absolute symlink targets when restoring symbolic-link entries from a ZIP archive. An attacker crafts a ZIP containing a symlink entry pointing to any absolute path on the server filesystem, such as /etc/passwd or application secrets.
Second, the icon-source validator at packages/server/src/api/controllers/static/index.ts:259-268 resolves the icon path against baseDir using path.resolve, then checks resolvedSrc.startsWith(baseDir + path.sep). Because the symlink file itself resides inside baseDir, the prefix check passes. The subsequent fs.existsSync(resolvedSrc) call follows the symlink and confirms the target exists, but does not reject symbolic-link entries.
Third, packages/backend-core/src/objectStore/objectStore.ts:302 calls (await fsp.open(path)).createReadStream() on the resolved path. fsp.open transparently follows the symlink, streaming the target file's bytes into MinIO object storage. The uploaded object is then served back verbatim through GET /api/assets/{appId}/pwa/{uuid}.png.
Root Cause
The root cause is missing symbolic-link validation across the entire icon processing pipeline. None of the three sequential checks call fs.lstat to detect and reject symlink entries before the file contents are read and streamed to storage.
Attack Vector
Exploitation requires authenticated builder-level access to a workspace. The attacker uploads a ZIP archive containing an icons.json referencing symlinks that point to sensitive filesystem paths. The processed asset endpoint then returns the target file contents as if it were an icon image. Refer to the GitHub Security Advisory GHSA-w7mq-r738-x278 for full technical details.
Detection Methods for CVE-2026-54352
Indicators of Compromise
- Unusual ZIP uploads to POST /api/pwa/process-zip from builder accounts
- Assets served via GET /api/assets/{appId}/pwa/{uuid}.png containing non-image content such as ASCII text or configuration data
- MinIO objects with .png extensions whose byte signatures do not match PNG headers
Detection Strategies
- Inspect application logs for ZIP extraction events referencing symlink entries in the packages/server extraction routines
- Correlate builder-account uploads to /api/pwa/process-zip with subsequent asset retrievals returning atypical content types or file sizes
- Scan MinIO storage for objects served under /pwa/ paths that contain non-image binary signatures
Monitoring Recommendations
- Enable request logging for all /api/pwa/process-zip and /api/assets/ endpoints with full user attribution
- Alert on any process-zip request followed by rapid asset downloads within a short time window
- Track filesystem access patterns of the Budibase server process for reads outside expected application directories
How to Mitigate CVE-2026-54352
Immediate Actions Required
- Upgrade Budibase to version 3.39.9 or later immediately
- Audit builder accounts and revoke unnecessary workspace-level access
- Review MinIO storage for suspicious .png assets uploaded before patching
Patch Information
The vulnerability is fixed in Budibase 3.39.9. The patch adds symbolic-link rejection to the icon-source validation logic. Refer to the Budibase GitHub Security Advisory for complete patch details and release notes.
Workarounds
- Restrict builder role assignments to trusted users only until the patch is applied
- Deploy the Budibase server process under a dedicated low-privilege user account with minimal filesystem read permissions
- Isolate the Budibase server using container filesystem restrictions or mandatory access controls to limit readable paths
# Upgrade Budibase to the patched release
npm install @budibase/server@3.39.9 @budibase/worker@3.39.9
# Or update the Docker image tag
docker pull budibase/budibase:3.39.9
docker compose up -d
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

