EUVD-2026-32598

🗓️ 27 May 2026 17:06:36Reported by EUVDType

Before 3.38.2, SCIM endpoints had no role checks, allowing any authenticated user to manage users and groups.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-46425	27 May 202617:06	–	attackerkb
Circl	CVE-2026-46425	27 May 202619:02	–	circl
CNNVD	Budibase 安全漏洞	27 May 202600:00	–	cnnvd
CVE	CVE-2026-46425	27 May 202617:06	–	cve
Cvelist	CVE-2026-46425 Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users	27 May 202617:06	–	cvelist
NVD	CVE-2026-46425	27 May 202618:16	–	nvd
Positive Technologies	PT-2026-42120	20 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-46425	28 May 202620:12	–	redhatcve
Vulnrichment	CVE-2026-46425 Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users	27 May 202617:06	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "497acbea-27cf-3d76-92ff-0ef93ab4cecd",
        "vendor": {
          "name": "budibase"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "6b419bda-8d7d-3f8d-a97a-8869c81bc656",
        "product": {
          "name": "budibase",
          "vendor": {
            "name": "budibase"
          }
        },
        "product_version": "< 3.38.2"
      }
    ]
  }
]

Source	Link
github	www.github.com/Budibase/budibase/security/advisories/GHSA-q9rw-q89f-jx2f
github	www.github.com/Budibase/budibase/releases/tag/3.38.2

27 May 2026 17:06Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.19.9

EPSS0.00286