VYPR
Critical severity · NVD Advisory · Published Feb 4, 2026 · Updated Feb 6, 2026

Bambuddy Uses Hardcoded Secret Key + Many API Endpoints do not Require Authentication

CVE-2026-25505

Description

Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code, and many API routes do not check authentication. This issue has been patched in version 0.1.7.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| bambuddy (PyPI) | < 0.1.7 | 0.1.7 |
