ГлавнаяУязвимости → CVE-2026-25505
9.8критическая

CVE-2026-25505

Описание

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.

Затрагиваемое ПО
Bambuddy Bambuddy
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/core/auth.py#L28https://github.com/maziggy/bambuddy/blob/main/CHANGELOG.mdhttps://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3add9https://github.com/maziggy/bambuddy/commit/c31f2968889c855f1ffacb700c2c9970deb2a6fbhttps://github.com/maziggy/bambuddy/pull/225https://github.com/maziggy/bambuddy/releases/tag/v0.1.7https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc24-px2r-5qmf