


Perceptive Security
SOC/SIEM Consultancy

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is…
Published:
3 February 2026 at 23:00:00
Alert date:
4 February 2026 at 21:03:00
Source:
nvd.nist.gov
Mobile & IoT, Identity & Access
CVE-2026-25505 affects Bambuddy, a self-hosted print archive and management system for Bambu Lab 3D printers. The vulnerability combines two flaws: a hardcoded secret key used for signing JWTs is checked into source code, and many API routes do not check authentication. Together these allow unauthorized access to the system. The issue affects versions prior to 0.1.7 and has been patched in version 0.1.7. The vulnerability represents a significant authentication bypass issue that could allow attackers to gain unauthorized access to the print management system.
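As an added illustration of the signing-key half of this issue (not Bambuddy's code and not the patch shipped in 0.1.7), the example below loads a per-install HS256 key instead of a constant in source, refuses to start with a key known to be public, and verifies tokens against that key. The `JWT_SECRET_KEY` variable name, the key-file location and the sample key value are assumptions made for this example.

```python
import base64, hashlib, hmac, json, os, secrets, time
from pathlib import Path
from typing import Optional

# Constructed stand-in for a key value that was committed to a public repository.
KNOWN_PUBLIC_KEYS = {"constructed-example-key-checked-into-git"}

def load_signing_key(key_file: Path, env_var: str = "JWT_SECRET_KEY") -> bytes:
    """Per-install HS256 key: environment variable first, else a 0600 key file."""
    value = os.environ.get(env_var)  # env_var name is an assumption of this example
    if value is None:
        if not key_file.exists():
            # First start: generate 256 random bits, file readable by owner only.
            fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "w") as fh:
                fh.write(secrets.token_urlsafe(32))
        value = key_file.read_text().strip()
    if value in KNOWN_PUBLIC_KEYS or len(value) < 32:
        raise RuntimeError("refusing to start: JWT key is published or too short")
    return value.encode()

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(signing_input: str, key: bytes) -> str:
    return _b64(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def sign(claims: dict, key: bytes) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_mac(header + '.' + body, key)}"

def verify(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if signature and expiry check out, else None."""
    try:
        header, body, sig = token.split(".")
        # The MAC is always HMAC-SHA256; the token's own "alg" is never trusted.
        if not hmac.compare_digest(sig, _mac(f"{header}.{body}", key)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > time.time() else None
```

A token signed with any other key, including one that was ever committed to a repository, returns `None` from `verify`. Replacing the key invalidates every token issued under the old one.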
Technical details
Mitigation steps:
Affected products:
Bambuddy
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-25505
https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/core/auth.py#L28
https://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3add9
https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc24-px2r-5qmf
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
