CVE-2026-42239 | budibase up to 3.35.9 utils.ts budibase:auth cookie httponly flag (GHSA-4f9j-vr4p-642r)

A vulnerability was found in budibase up to 3.35.9. It has been classified as problematic. This vulnerability affects the function budibase:auth of the file packages/backend-core/src/utils/utils.ts. Performing a manipulation results in cookie without ‘httponly’ flag.

This vulnerability is reported as CVE-2026-42239. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More