A vulnerability marked as critical has been reported in budibase up to 3.39.8 . Affected by this issue is the function createReadStream of the file /api/pwa/process-zip . The manipulation leads to path traversal. This vulnerability is documented as CVE-2026-54352 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.