Base44 Hack Exposes Private Apps in Wix AI Platform

A critical security flaw in Base44, the AI-powered vibe coding platform recently acquired by Wix, exposed private enterprise applications to unauthorized access. The Base44 hack exposes private app access by allowing attackers to exploit a logic flaw using publicly available app IDs, bypassing authentication even for apps protected by Single Sign-On.

Wiz Research identified the vulnerability, which stemmed from open API endpoints that failed to enforce access controls. Attackers could register and verify accounts using undocumented paths, gaining full access to private applications. App IDs embedded in manifest files made the platform’s shared infrastructure especially vulnerable. The Base44 hack exposes privatenature further, as multiple enterprise systems—such as HR portals and internal chatbots—were confirmed susceptible.

Base44 patched the flaw within 24 hours and reported no signs of malicious activity. However, the incident underscores the urgent need for stronger safeguards across AI development platforms handling sensitive data.

Read the full article at: https://cybersecuritynews.com/ai-vibe-coding-platform-hacked/