CVE-2026-48152 | budibase up to 3.38.x Placeholder mergeConfigs authorization

A vulnerability classified as critical was found in budibase up to 3.38.x. This affects the function mergeConfigs of the component Placeholder Handler. Executing a manipulation can lead to incorrect authorization.

This vulnerability appears as CVE-2026-48152. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More