Vibe Graveyard

Back to Graveyard

Base44 auth flaw let attackers hijack sessions

Jul 2025

Wiz researchers found Base44 auth logic bugs that allowed account takeover across sites using the SDK.

Incident Details

Perpetrator:Developer

Severity:Facepalm

Blast Radius:Potential ATO across many sites until patches rolled out.

Tech Stack

Base44JWTOAuth 2.0Web SDK

References

The Hacker News: Widespread auth flaw in Base44 ↗Wiz research detail ↗Infosecurity Magazine: Critical auth flaw in Base44 vibe-coding platform ↗Nudge Security: Base44 vulnerability allowed unauthorized access to private apps ↗