CVE-2026-25040

Medium CVSS: 5.7

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or App Viewer, and assign them to any group in the organization. This allows full privilege escalation, bypassing UI restrictions, and can lead to complete takeover of the workspace or organization. As of time of publication, no known fixed versions are available.

Vendor

Budibase

Product

Budibase

CWE

CWE-863

Yayın Tarihi

2026-01-29 22:15:55

Güncelleme

2026-03-03 15:19:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Budibase MEDIUM Budibase 2026

Referanslar

https://drive.google.com/file/d/1Dtn1WLJILRYUeoMjEbUfCbqQ3g2AW2Qz/view?usp=sharing https://github.com/Budibase/budibase/security/advisories/GHSA-4wfw-r86x-qxrm https://github.com/user-attachments/files/22066135/budibase-privileged-esc-poc.txt

Benzer Kayıtlar

High

CVE-2026-33226

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and pr…

Critical

CVE-2026-31816

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.4 and earlier, the Bud…

Critical

CVE-2026-30240

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.31.5 and earlier, a path…

High

CVE-2026-25045

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of…

High

CVE-2026-25737

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbi…

High

CVE-2026-25041

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the Po…