Home > Vulnerability Database > CVE-2026-25505

Mend.io Vulnerability Database

CVE-2026-25505

Good to know:

Date: February 4, 2026

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.

Severity Score

9.8

Related Resources (6)

Url: https://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3add9

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-25505

Url: https://github.com/maziggy/bambuddy

Url: https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/core/auth.py#L28

Url: https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc24-px2r-5qmf

Url: https://www.mend.io/vulnerability-database/CVE-2026-25505

Severity Score

9.8

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

Use of Hard-coded Cryptographic Key

CWE-321

Top Fix

Upgrade Version

Upgrade to version https://github.com/maziggy/bambuddy.git - v0.1.7

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-25505

Good to know:

Date: February 4, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?