Vibe-coding platform Base44 shipped critical auth vulnerabilities in apps built on its SDK
Jul 2025
Wiz researchers discovered critical authentication vulnerabilities in Base44, an AI-powered vibe-coding platform that lets non-developers build and deploy web apps. The auth logic bugs in Base44's SDK allowed account takeover across every app built and hosted on the platform, affecting all users of those apps until patches were rolled out.
Incident Details
Perpetrator: Developer
Severity: Facepalm
Blast Radius: Potential ATO across many sites until patches rolled out.