Critical Vulnerability in AI Vibe Coding platform Base44

Wiz Research discovered a critical vulnerability in the AI "vibe coding" platform, Base44, which allowed unauthorized access to private enterprise applications. The flaw enabled an attacker to bypass authentication controls like SSO by using exposed API endpoints to register a new user with only a publicly available application ID. This granted full access to potentially sensitive data within internal chatbots and other tools built on the platform. After responsible disclosure, the vulnerability was promptly fixed by Base44/Wix within 24 hours, with an investigation finding no evidence of malicious exploitation.