Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 6:28 p.m.15 views

Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema

The webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the body schema for a known webhook and mutate the corresponding...

7.5CVSS5.2AI score0.00224EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/12 6:28 p.m.7 views

GHSA-QHV3-WJG8-6FX6 Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema

The webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the body schema for a known webhook and mutate the corresponding...

7.5CVSS5.3AI score0.00224EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 4:57 p.m.28 views

CVE-2026-48151

Budibase (open-source low-code platform) contains an authorization bypass in the webhook schema-building endpoint prior to 3.39.0. The endpoint under builderRoutes allowed an unauthenticated caller to update the body schema for a known webhook and mutate the associated automation trigger output s...

7.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 4:57 p.m.14 views

CVE-2026-48151 Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema

Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the bo...

7.5CVSS5.8AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 4:57 p.m.42 views

CVE-2026-48151 Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema

Budibase is an open-source low-code platform. Prior to 3.39.0, the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware skips authorization for all paths matching /api/webhooks/schema. As a result, an unauthenticated caller can update the bo...

7.5CVSS0.00224EPSS
Exploits0References1
Rows per page
Query Builder