Wiz
Blog

Wiz Research Uncovers Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications

New discovery underscores security implications of AI-powered development and the rise of Vibe Coding Platforms

Gal Nagli
8 minute read

One of the most profoundly transformed domains in the wake of the LLM revolution has been code generation, especially the rise of vibe coding, where natural language prompts replace traditional programming. This shift has empowered millions of users with little to no technical background to build fully functional applications with ease.

Platforms like Loveable, Bolt, and Base44 are on the front of this movement - they have enabled the creation of millions of applications spanning from personal tools to enterprises that now rely on these platforms to build internal chatbots, create complex automations, and trust them with sensitive corporate data.

In our mission to find novel AI and cloud risks, Wiz Research has been looking into the security posture of these AI-powered development platforms to identify common vulnerabilities that may impact the industry as a whole – a mission that becomes even more important as these systems and technologies get infused into governments and other critical infrastructure.

Executive Summary

Wiz Research has identified a critical vulnerability affecting the popular vibe coding platform Base44 (recently acquired by Wix following an amazingly rapid rise) which allowed unauthorized access to private applications built by its users.

The vulnerability we discovered was remarkably simple to exploit - by providing only a non-secret app_id value to undocumented registration and email verification endpoints, an attacker could have created a verified account for private applications on their platform.

This effectively bypassed all given authentication controls that Base44 provided, including Single Sign-On (SSO), granting full access to what were intended to be private enterprise applications and the sensitive data they might have contained.

Upon discovering the vulnerability, we immediately and responsibly disclosed the issue to both Base44 and Wix who promptly validated our report. The vulnerability was fixed in less than 24 hours, with Wix confirming that there was no evidence of past abuse (see their statement below).

In this blog post, we will detail our discovery process and discuss how the security implications extend beyond the specific platform to the broader AI-powered development ecosystem.

Vibe Coding Platforms - Shared Infrastructure, Shared Risk

The term vibe coding was coined by OpenAI co-founder Andrej Karpathy in February 2025 to describe a development approach where users fully trust AI to generate code without manual oversight. Platforms and vendors quickly emerged to offer this capability, democratizing software development by allowing anyone to build applications using plain language.

To grasp the severity of the vulnerability we found and similar ones, it’s essential to understand the shared-risk model of vibe coding platforms. All applications run on the vendor's shared infrastructure, meaning every customer inherits the vendor's security posture. This model introduces a critical single point of failure - a single flaw in the platform’s core, especially in a critical component like authentication, instantly jeopardizes every single application built upon it.

The rapid enterprise adoption of these platforms for critical functions - handling sensitive data through internal chatbots, automations, and business tools - is precisely why we decided to focus our research efforts on this emerging attack surface. By understanding the potential impact of these systemic risks and by working with vendors to address them, we can help ensure the secure evolution of this transformative technology, helping vendors become more proactive in their quest for security assurance.

Exposure Walkthrough

Our reconnaissance began by assessing Base44's publicly accessible domains. By mapping the external attack surface with straightforward reconnaissance techniques (passive and active discovery of subdomains), we identified around five internet facing subdomains. All appeared benign, hosting the main application, documentation, and marketing website - none of which initially suggested an interesting entry point.

Continuing with the research, we received an alert about two Swagger-UI interfaces that were publicly accessible across app.base44.com and docs.base44.com, providing information of internal documentation & API endpoints.

Swagger-UI is an open-source tool that provides an interactive interface for visualizing and testing APIs, making it easier to understand and interact with web services.

By leveraging Swagger's interface, we browsed through the API endpoints looking for any endpoint that might leak sensitive data, allow privileged permissions, or be accessible without authentication. The API documentation was well-organized into several segments, but one section immediately caught our attention: the "auth" APIs.

Given that Base44 is a vibe coding platform used by enterprises, we recognized that any authentication tampering vulnerability would have maximum impact. Before diving into the API specifications, we first examined how Base44 offers different authentication methods to its customers:

  1. Public (requires login) – Default setting allowing any user to sign up and access the application

  2. Private with Beta authentication – Still allows self-signup, effectively remaining public

  3. Private with SSO – The only real private option, restricting access to invited users while enforcing SSO in the authentication flow

Armed with this knowledge, we wondered if any of the authentication APIs could bypass these restrictions.

After examining the documentation, we discovered an interesting lead which eventually turned into a critical misconfiguration - the api/apps/{app_id}/auth/register (registering a new user by providing email address and password) and api/apps/{app_id}/auth/verify-otp  (verifying our user by providing one-time-password) endpoints were exposed without authentication, allowing anyone to register for private applications using only the app_id value it expects - particularly interesting in cases where sign-up is disabled.

The question became - how do we obtain app_id values? These appeared as random strings like 686d0a751a78bb2608517740, but we quickly discovered they weren't a secret at all. When we navigate to any application developed on top of Base44, the app_id is immediately visible in the URI and manifest.json file path, all applications have their app_ids value hardcoded in their manifest path: manifests/{app_id}/manifest.json.

Using our target application's app_id, we successfully registered a new user account through the Swagger-UI interface, received an OTP verification code via email, and verified our new account - all for an application we didn't own and that was configured for SSO-only access.

After confirming our email address, we could just login via the SSO within the application page, and successfully bypass the authentication.

We used 2 different methods to discover Base44 applications in the wild, which helped us proactively notify a couple of our customers who were vulnerable.

1. Enterprise applications with custom domains - Base44 allows companies to add custom domains, they all share the same CNAME record - pointing to base44.onrender.com, using this knowledge, we identified several enterprise applications in our reconnaissance data.

2. General Reconnaissance - any Base44 application is presented with the same login page flow, equipped with identifiers that mention the string “base44”, we used platforms such as urlscan that helped us discover additional applications empowered by the vibe coding platform by searching for HTML data.

Impact of the Vulnerability

This vulnerability meant that private applications hosted on Base44 could be accessed without authorization. During our research we managed to confirm authentication bypass was available across several enterprise applications that utilized the popular vibe coding platform for internal chatbots, knowledge bases, PII & HR operations - significant sensitive data that could have been leaked to unauthorized attackers.

What made this vulnerability particularly concerning was its simplicity - requiring only basic API knowledge to exploit. This low barrier to entry meant that attackers could systematically compromise multiple applications across the platform with minimal technical sophistication. Fortunately, Wix confirmed that there was no evidence of exploitation in the wild.

Am I Affected?

If you or your organization utilize Base44’s platform, especially for business operations or for storing sensitive data, Here's what you need to know:

The vulnerability has been completely resolved. Following our responsible disclosure on July 9th, 2025, Wix implemented a fix within 24 hours that properly validates application privacy settings before allowing user registration.

No evidence of malicious exploitation. Wix conducted a thorough investigation and confirmed there was no indication of past abuse or compromise across the Base44 user base during the vulnerable period.

No action required from customers. Since the fix was implemented platform-wide by Base44/Wix, no additional steps are needed from organizations using the platform.

Wiz Research verified the fix - Wiz Research independently verified that the fix completely addresses the vulnerability - Base44 now correctly prevents unauthorized registration attempts on private applications.

While no immediate action is required, organizations may want to:

  • Review the data -> analytics section inside your Base44 application settings for any unusual user visits and registrations to any of your private applications during the vulnerable period (July 9th and earlier)

  • Implement additional monitoring for third-party platform access as a general security best practice

  • Wiz customers can use the inventory page to identify any Base44 applications in their environment, detected by our External Attack Surface.

Key Takeaways

This vulnerability highlights a critical gap in how we evaluate AI development platforms. While security discussions often focus on AI-specific threats like model poisoning or prompt injection, the most immediate risks stem from fundamental security controls - proper authentication and secure API design.

Vibe Coding platforms create new attack surfaces that traditional security frameworks may not adequately address. As they continue to evolve and gain enterprise adoption, the security community, vendors, and organizations must work together to build robust security foundations.

Through responsible disclosure and open dialogue, we can help these transformative platforms strengthen their security posture and develop with security as a core consideration, so enterprises can trust them more without worry and develop at a faster pace than ever before.

Statement from Base44, part of Wix

The security and privacy of our users are paramount. We are committed to maintaining the highest standards of security across all our products and platforms. The recent acquisition of Base44 by Wix was driven in large part by Wix’s commitment to delivering trusted, robust technology backed by the company’s industry-leading infrastructure and security standards.

Immediately upon being notified by the Wiz research team about a potential vulnerability, we conducted a thorough investigation and took swift, decisive action to remediate the issue in the Base44 platform. We’ve investigated and, so far, found no evidence that any customer was impacted by an attacker leveraging the vulnerability. Our investigation is ongoing as we continue to take this matter seriously.

We continue to invest heavily in strengthening the security of all products and potential vulnerabilities are proactively managed. We remain committed to protecting our users and their data.

Closure

The AI development landscape is evolving at unprecedented speed, with Vibe Coding platforms transforming how organizations build software. However, this rapid innovation cycle often outpaces security considerations, creating systemic risks that affect entire ecosystems rather than individual applications.

Building security into the foundation of these platforms, not as an afterthought - is essential for realizing their transformative potential while protecting enterprise data. We thank Wix for their prompt collaboration and response to our disclosure.

Disclosure timeline 

  • July 9th, 2025 - Wiz Research discovers and reports the vulnerability to Wix & Base44

  • July 9th, 2025 - Wix acknowledges the recipient of the report, working on a fix.
    July 10th, 2025 - Wiz researchers verify the fix, external users can no longer register to private applications

  • July 13th, 2025 - Wix confirms that the issue is officially resolved, while reporting no indication of compromise across Base44 user-base.

  • July 29th, 2025 - Public Disclosure

Tags
#Research#Vulnerabilities

Continue reading

TraderTraitor: Deep Dive

Merav Bar

Inside the Lazarus subgroup that’s hijacking cloud platforms, poisoning supply chains, and stealing billions in digital assets.

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo