CVE Tools
Home/Vulnerability/CVE-2026-48150

CVE-2026-48150

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Published: May 27, 2026Updated: May 27, 2026 Sources: CVE List NVD
NVD MITRE
9.0CVSS
CRITICAL

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders (builder.apps set but builder.global unset). The controller then spreads the request body into the SDK call, and the SDK grants builder.global=true or admin.global=true on whichever user ids the caller supplies. Bob, a workspace-scoped builder with an API key, promotes himself or any other user to global admin with one POST. The whole flow is tenant-wide privilege escalation from an app-level role, available to anyone with an Enterprise license that unlocks the EXPANDED_PUBLIC_API feature. This vulnerability is fixed in 3.39.0.

EPSS Score
N/A
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
No Fix Available

CVSS Vector Breakdown

AV:NAC:LPR:HUI:NS:CC:HI:HA:L
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:HPrivileges Required
High
UI:NUser Interaction
None
Scope
S:CScope
Changed
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:LAvailability
Low

Weaknesses

CWE-915

Affected Products

budibase
Budibase

Exploitability

No known exploits, KEV entries, or remediation guidance available for this vulnerability yet.

References

https://github.com/Budibase/budibase/security/advisories/GHSA-6xp4-cf37-ppjh
github.com

Timeline

Published
May 27, 2026
Last Updated
May 27, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-48150 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
AI-powered analysis
Plain-language impact assessment and exploitation scenario
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows