Auth bypass in Budibase

CVE-2026-25045

Budibase is a low-code platform for creating internal tools, workflows, and admin panels. This issue is a combination of vertical privilege escalation and IDOR (Insecure Direct Object Reference) due to missing server-side RBAC checks in th…

Vulnerability class: Broken Access Control

EPSS: 0.001 (16.0th percentile)
