Skip to main content

Budibase CVE-2026-48148

| EUVDEUVD-2026-32605 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-27 security-advisories@github.com GHSA-cv96-5348-p5p8
5.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 27, 2026 - 21:05 vuln.today
Patch available
May 27, 2026 - 19:46 EUVD

DescriptionGitHub Advisory

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an arbitrary host value such as 169.254.169.254 or localhost, causing the server to initiate outbound TCP connections to internal network addresses or cloud metadata endpoints on their behalf.This vulnerability is fixed in 3.35.3.

AnalysisAI

Server-Side Request Forgery in Budibase's VectorDB configuration endpoint (versions prior to 3.35.3) allows authenticated builder-level users to supply arbitrary host values - including cloud metadata addresses such as 169.254.169.254 or localhost - causing the server to initiate outbound TCP connections to internal network resources on the attacker's behalf. No public exploit has been identified at time of analysis, though SSVC classifies exploitation status as 'poc', indicating proof-of-concept material exists. In cloud-hosted deployments, the real-world impact exceeds what the CVSS 5.3 score implies, as metadata endpoint access can expose instance credentials and enable privilege escalation.

Technical ContextAI

Budibase is an open-source low-code platform that includes a VectorDB integration for AI/embedding workflows. The VectorDB configuration endpoint accepts a host parameter from the client, which is passed directly to server-side connection logic without sanitization against RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local ranges (169.254.0.0/16), loopback addresses, or disallowed URL schemes. CWE-918 (Server-Side Request Forgery) describes the root cause class: a server blindly proxies requests to user-controlled destinations, acting as a network relay into otherwise inaccessible segments. The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N confirms the endpoint is network-accessible, trivially exploitable from a complexity standpoint, requires no special attack pre-conditions, and needs only low-privilege (builder-level) authentication. The confidentiality impact is scored as Low for both the vulnerable system (VC:L) and subsequent scope (SC:L), reflecting partial data exposure rather than full compromise.

RemediationAI

The primary fix is to upgrade Budibase to version 3.35.3 or later, which introduces host parameter validation against internal IP ranges, reserved hostnames, and disallowed URL schemes. Details are available in the GitHub Security Advisory at https://github.com/Budibase/budibase/security/advisories/GHSA-cv96-5348-p5p8. For environments unable to patch immediately, apply egress firewall rules or cloud security group policies on the Budibase host to block outbound connections to RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local ranges (169.254.0.0/16), and loopback (127.0.0.1) - note this may break legitimate internal integrations and must be tested before deployment. In AWS environments, additionally enforce IMDSv2 (token-required mode) on the EC2 instance hosting Budibase, which mitigates metadata credential theft even if SSRF is achieved, without affecting application functionality. Restricting builder-level access to trusted internal users reduces the authenticated attack surface until patching is complete.

Share

CVE-2026-48148 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy