Executive Summary

CVE-2026-48151 is a vulnerability in Budibase versions prior to 3.39.0 involving an authorization bypass in the webhook schema-building endpoint.

The webhook schema endpoint is registered under builder-only routes, but a generic authorization middleware skips authorization for all webhook schema paths. This allows an unauthenticated attacker to update the body schema of known webhooks and mutate the corresponding automation trigger output schema.

As a result, attackers can send crafted requests to modify webhook and automation schema metadata without any privileges or user interaction.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability primarily impacts data integrity by allowing unauthorized modifications to webhook and automation schemas.

Such unauthorized changes can corrupt automation definitions, alter downstream binding behavior, and disrupt workflows that rely on webhook triggers.

There is no direct impact on confidentiality or availability, but the disruption of automated processes can affect business operations.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves unauthorized updates to the webhook schema via the /api/webhooks/schema endpoint without authentication.

To detect exploitation attempts on your network or system, monitor HTTP requests targeting the /api/webhooks/schema path, especially those that attempt to modify webhook schemas.

You can use network monitoring tools or command-line utilities to filter and inspect such requests.

• Using tcpdump to capture HTTP traffic to the vulnerable endpoint: tcpdump -i any -A -s 0 'tcp port 80 or tcp port 443' | grep '/api/webhooks/schema'
• Using curl to test if the endpoint is accessible without authentication: curl -X POST http://your-budibase-instance/api/webhooks/schema -d '{"test":"data"}' -v
• Checking application logs for unauthorized schema update attempts or unusual POST requests to /api/webhooks/schema.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade Budibase to version 3.39.0 or later, where this vulnerability is fixed.

Until the upgrade can be performed, restrict access to the /api/webhooks/schema endpoint by implementing network-level controls such as firewall rules or reverse proxy restrictions to block unauthenticated access.

Additionally, monitor logs and network traffic for suspicious activity targeting the webhook schema endpoint.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability primarily impacts data integrity by allowing unauthorized modification of webhook and automation schemas without affecting confidentiality or availability.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, unauthorized data manipulation could potentially lead to non-compliance issues if automation triggers or workflows handling regulated data are altered maliciously.

However, there is no direct information provided about specific effects on compliance with these regulations.

Useful 0 Not Useful 0