CVE-2026-25043 Budibase: Unauthenticated Password Reset Endpoint Lacks Rate Limiting, Enabling Email Flooding
Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can...