Threat actors could leverage a critical authentication vulnerability in the artificial intelligence-powered vibe coding platform Base44 to register for and access private apps without needing Single Sign-On authentication, according to Infosecurity Magazine. Only an app_id, which is available in app URLs and manifest files, is necessary to create a verified account on private apps using the flaw, a report from Wiz Research showed. Researchers noted that multiple enterprise apps managing internal chatbots and knowledge bases, human resources and personally identifiable information, and automation tools could have been affected by the security issue, which has not yet been exploited but has been promptly fixed by Base44 owner Wix. Organizations using the Base44 platform should evaluate their analytics for potentially malicious activity, said Wiz researchers, who pointed to the vulnerability to emphasize the threats associated with vibe coding, as well as improper authentication and other typical control failings in AI.
Vulnerability Management, AI/ML, DevOps
AI-based development platform Base44 impacted by critical bug



