Budibase: Unvalidated VectorDB Host Parameter Enables SSRF_CVE-2026-48148

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Description

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an arbitrary host value such as 169.254.169.254 or localhost, causing the server to initiate outbound TCP connections to internal network addresses or cloud metadata endpoints on their behalf.This vulnerability is fixed in 3.35.3.

Basic Information

ID CVE-2026-48148

Source GitHub_M

Published May 27, 2026 at 17:12

Modified May 27, 2026 at 18:01

Affected Product

Vendor Budibase

Product budibase

Version < 3.35.3

Affected Versions Budibase budibase < 3.35.3

CWE Classification

CWE-918

References

github.com /Budibase/budibase/security/advisories/GHSA-cv96-5348-p5p8

{
    "lastseen": "",
    "description": "Budibase is an open-source low-code platform. Prior to 3.35.3,  the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an arbitrary host value such as 169.254.169.254 or localhost, causing the server to initiate outbound TCP connections to internal network addresses or cloud metadata endpoints on their behalf.This vulnerability is fixed in 3.35.3.",
    "published": "2026-05-27T17:12:31.069Z",
    "modified": "2026-05-27T18:01:09.551Z",
    "type": "cve",
    "title": "Budibase: Unvalidated VectorDB Host Parameter Enables SSRF",
    "source": "GitHub_M",
    "references": "https://github.com/Budibase/budibase/security/advisories/GHSA-cv96-5348-p5p8",
    "id": "CVE-2026-48148",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "Budibase budibase < 3.35.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "budibase",
    "version": "< 3.35.3",
    "vendor": "Budibase",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}