CVE-2026-48150 | budibase up to 3.38.x EXPANDED_PUBLIC_API Feature assign dynamically-determined object attributes (GHSA-6xp4-cf37-ppjh)

A vulnerability was found in budibase up to 3.38.x. It has been rated as problematic. This impacts an unknown function of the file /api/public/v1/roles/assign of the component EXPANDED_PUBLIC_API Feature. The manipulation leads to dynamically-determined object attributes.

This vulnerability is referenced as CVE-2026-48150. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More