CVE-2026-25505

9.8 CRITICAL
Published: February 04, 2026
Modified: February 27, 2026

Description

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code, and many API routes do not check authentication. This issue has been patched in version 0.1.7.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

https://github.com/maziggy/bambuddy/blob/main/CHANGELOG.md
Source: security-advisories@github.com
Tags: Release Notes

https://github.com/maziggy/bambuddy/pull/225
Source: security-advisories@github.com
Tags: Issue Tracking, Patch

https://github.com/maziggy/bambuddy/releases/tag/v0.1.7
Source: security-advisories@github.com
Tags: Product, Release Notes

https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc24-px2r-5qmf
Source: security-advisories@github.com
Tags: Exploit, Vendor Advisory

7 reference(s) from NVD

Quick Stats

CVSS v3 Score: 9.8 / 10.0
EPSS (Exploit Probability): 0.3% (56th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

bambuddy