Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionGitHub Advisory
Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an arbitrary host value such as 169.254.169.254 or localhost, causing the server to initiate outbound TCP connections to internal network addresses or cloud metadata endpoints on their behalf.This vulnerability is fixed in 3.35.3.
AnalysisAI
Server-Side Request Forgery in Budibase's VectorDB configuration endpoint (versions prior to 3.35.3) allows authenticated builder-level users to supply arbitrary host values - including cloud metadata addresses such as 169.254.169.254 or localhost - causing the server to initiate outbound TCP connections to internal network resources on the attacker's behalf. No public exploit has been identified at time of analysis, though SSVC classifies exploitation status as 'poc', indicating proof-of-concept material exists. In cloud-hosted deployments, the real-world impact exceeds what the CVSS 5.3 score implies, as metadata endpoint access can expose instance credentials and enable privilege escalation.
Technical ContextAI
Budibase is an open-source low-code platform that includes a VectorDB integration for AI/embedding workflows. The VectorDB configuration endpoint accepts a host parameter from the client, which is passed directly to server-side connection logic without sanitization against RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local ranges (169.254.0.0/16), loopback addresses, or disallowed URL schemes. CWE-918 (Server-Side Request Forgery) describes the root cause class: a server blindly proxies requests to user-controlled destinations, acting as a network relay into otherwise inaccessible segments. The CVSS 4.0 vector AV:N/AC:L/AT:N/PR:L/UI:N confirms the endpoint is network-accessible, trivially exploitable from a complexity standpoint, requires no special attack pre-conditions, and needs only low-privilege (builder-level) authentication. The confidentiality impact is scored as Low for both the vulnerable system (VC:L) and subsequent scope (SC:L), reflecting partial data exposure rather than full compromise.
RemediationAI
The primary fix is to upgrade Budibase to version 3.35.3 or later, which introduces host parameter validation against internal IP ranges, reserved hostnames, and disallowed URL schemes. Details are available in the GitHub Security Advisory at https://github.com/Budibase/budibase/security/advisories/GHSA-cv96-5348-p5p8. For environments unable to patch immediately, apply egress firewall rules or cloud security group policies on the Budibase host to block outbound connections to RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local ranges (169.254.0.0/16), and loopback (127.0.0.1) - note this may break legitimate internal integrations and must be tested before deployment. In AWS environments, additionally enforce IMDSv2 (token-required mode) on the EC2 instance hosting Budibase, which mitigates metadata credential theft even if SSRF is achieved, without affecting application functionality. Restricting builder-level access to trusted internal users reduces the authenticated attack surface until patching is complete.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32605
GHSA-cv96-5348-p5p8