← Zuruck zu CVEs

CVE-2026-25505

CRITICAL

9.8

Beschreibung

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht2/4/2026

Zuletzt geandert2/27/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

bambuddy:bambuddy

Schwachen (CWE)

CWE-306CWE-321

Referenzen

https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/core/auth.py#L28(security-advisories@github.com)

https://github.com/maziggy/bambuddy/blob/main/CHANGELOG.md(security-advisories@github.com)

https://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3add9(security-advisories@github.com)

https://github.com/maziggy/bambuddy/commit/c31f2968889c855f1ffacb700c2c9970deb2a6fb(security-advisories@github.com)

https://github.com/maziggy/bambuddy/pull/225(security-advisories@github.com)

https://github.com/maziggy/bambuddy/releases/tag/v0.1.7(security-advisories@github.com)

https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc24-px2r-5qmf(security-advisories@github.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.