CNNVD-202601-4855 Information

CNNVD ID

CNNVD-202601-4855

CVE-2026-25040

  • CNNVD Published: 2026-01-29

Description

Budibase is a low-code platform, open-sourced by UK-based Budibase, for creating internal applications, workflows and admin panels in minutes. Budibase 3.26.3 and earlier versions contain a security vulnerability: Creator-level users can manipulate API requests to invite new users with arbitrary roles, which could lead to privilege escalation and full takeover.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Budibase

Published

2026-01-29

Last Modified

2026-02-24

References

  • https://github.com/Budibase/budibase/security/advisories/GHSA-4wfw-r86x-qxrm
  • https://drive.google.com/file/d/1Dtn1WLJILRYUeoMjEbUfCbqQ3g2AW2Qz/view?usp=sharing
  • https://github.com/user-attachments/files/22066135/budibase-privileged-esc-poc.txt
  • https://access.redhat.com/security/cve/cve-2026-25040
