Data Source Management Vulnerability in Budibase by Budibase
CVE-2026-45717

8.8 HIGH

Key Information:

Vendor: Budibase

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-45717?

Budibase, an open-source low-code platform, exposes a REST API endpoint for data source management that lacks adequate permission controls. Prior to version 3.38.1, any authenticated user with a basic role can submit unauthorized configuration changes to data sources. This allows an attacker to modify sensitive connection settings, including database credentials and URLs, potentially redirecting connections to internal services and compromising overall system security. Version 3.38.1 patches the flaw by strengthening the authorization checks on the data source management functionality.

Affected Version(s)

budibase < 3.38.1

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
