CVE-2026-25040
Budibase (versions prior to 3.26.4) is vulnerable to privilege escalation via API abuse. A Creator-level user, who normally cannot invite users, can manipulate the user-invitation API to add new users with any role (including Admin, Creator, or App Viewer) and assign them to any group, bypassing ...