


Perceptive Security
SOC/SIEM Consultancy

Published: 23 April 2026 at 22:00:00
Alert date: 24 April 2026 at 21:02:15
Source: nvd.nist.gov
Web Technologies, Identity & Access
Budibase, an open-source low-code platform, contains an authentication bypass vulnerability in versions prior to 3.35.4. The flaw is in the authenticated middleware, which uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. In the Koa framework, ctx.request.url still includes the query string, so an attacker can bypass authentication by appending a public endpoint path as a query parameter: for example, POST /api/global/users/search?x=/api/system/status passes the check because the regex matches the query-string portion. This allows unauthorized access to protected endpoints. The issue is fixed in version 3.35.4.
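The matcher bug described above, shown beside a hardened check, as an added example that is not Budibase's own code. The public-endpoint pattern list, the helper names and the request shape are assumed for illustration; only /api/system/status and the probe URL come from the advisory.

```javascript
// Added example, not Budibase's own code. Patterns and request shape are assumed.

// Allow-list of endpoints that need no session. The status path is the one named
// in the advisory; the second entry is a constructed placeholder.
const PUBLIC_PATTERNS = [/\/api\/system\/status/, /\/api\/public\/example/];

// Vulnerable check: an unanchored regex is tested against ctx.request.url, which in
// Koa still carries the query string, so the pattern can match inside "?x=...".
function isPublicVulnerable(requestUrl) {
  return PUBLIC_PATTERNS.some((re) => re.test(requestUrl));
}

// Hardened check: anchor every pattern to the whole string and test only the path
// component (what Koa exposes as ctx.path), so query data can never contribute.
const PUBLIC_PATTERNS_ANCHORED = PUBLIC_PATTERNS.map(
  (re) => new RegExp(`^${re.source}$`)
);

function pathOf(requestUrl) {
  // The base origin is a placeholder; only the pathname is extracted.
  return new URL(requestUrl, "http://localhost").pathname;
}

function isPublicFixed(requestUrl) {
  return PUBLIC_PATTERNS_ANCHORED.some((re) => re.test(pathOf(requestUrl)));
}

// Minimal stand-in for the middleware decision: true means the request proceeds.
// `isPublic` is the allow-list check under test (vulnerable or fixed).
function authorise(requestUrl, hasValidSession, isPublic) {
  return hasValidSession || isPublic(requestUrl);
}

// The advisory's example request, constructed here as the probe input.
const PROBE = "/api/global/users/search?x=/api/system/status";
```

Running the two checks against PROBE shows the vulnerable matcher letting an unauthenticated request through and the anchored, path-only matcher rejecting it, while a genuine public path with its own query string is still allowed.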
Technical details
Mitigation steps:
Upgrade Budibase to version 3.35.4 or later, the release in which the issue is fixed.
Affected products:
Budibase
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41428
https://github.com/Budibase/budibase/security/advisories/GHSA-8783-3wgf-jggf
This article was created with the assistance of AI technology by Perceptive.
