We use cookies to improve your experience on our site.
AVID-2026-R0250
Description
Critical authentication bypass vulnerability in Base44
Details
Wiz Research identified a critical vulnerability in the Base44 vibe coding platform that allowed unauthorized access to private applications. The vulnerability was due to exposed registration and verification endpoints that could be exploited with a non-secret app_id, bypassing authentication controls such as Single Sign-On (SSO). This flaw posed significant risks as it enabled attackers to access sensitive enterprise data without proper authorization. The issue was responsibly disclosed, and a fix was implemented within 24 hours.
References
Affected or Relevant Artifacts
- Developer: Wix, Base44
- Deployer:
- Artifact Details:
| Type | Name |
|---|---|
| System | Base44 |
Impact
- (none)
Other information
- Report Type: Advisory
- Credits: Wiz Research
- Date Reported: 2026-03-04
- Version: 0.3.2
- AVID Entry