CVE-2026-48152 in budibaseالمعلومات

الملخص

بحسب MITRE • 27/05/2026

Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific ownership/resource checks. The built-in Basic app user role maps to the WRITE permission set, which includes table read/write and query write. A Basic user can therefore read an existing REST datasource, receive redacted authConfigs values, submit an update that changes only config.url while keeping the redacted placeholders, and trigger an existing saved relative-path REST query. During update, mergeConfigs() restores the old stored secret when it sees the redaction placeholder. During query execution, Budibase prefixes the attacker-controlled datasource config.url to the relative query path and applies the resolved stored auth headers. The result is server-side disclosure of the builder-configured REST Authorization secret to an attacker-controlled listener. This vulnerability is fixed in 3.39.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

21/05/2026

إفشاء

27/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-366479

EPSS

0.00047

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-48152
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-48152
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-48152/

التالي نظرة عامة السابق

Do you want to use VulDB in your project?

Use the official API to access entries easily!