CVE-2026-45548 Overview
CVE-2026-45548 is a Server-Side Request Forgery (SSRF) vulnerability in Budibase, an open-source low-code platform. The flaw resides in the processUrlFile function within packages/server/src/automations/steps/ai/extract.ts. This function calls fetch(fileUrl) directly without applying the IP blacklist validation enforced on other automation steps. Authenticated users can abuse the AI extract automation step to issue server-side HTTP requests to internal network addresses. The issue is tracked under [CWE-918] and is fixed in Budibase 3.34.8.
Critical Impact
Authenticated attackers can pivot through Budibase servers to reach internal services, metadata endpoints, and otherwise unreachable network segments.
Affected Products
- Budibase versions prior to 3.34.8
- Self-hosted Budibase deployments exposing automation features to authenticated users
- Budibase instances with the AI extract automation step enabled
Discovery Timeline
- 2026-05-27 - CVE-2026-45548 published to NVD
- 2026-05-27 - Last updated in NVD database
Technical Details for CVE-2026-45548
Vulnerability Analysis
The vulnerability exists in the AI extract automation step shipped with Budibase. The processUrlFile function accepts a URL parameter and invokes fetch(fileUrl) to retrieve remote content for downstream AI processing. Other automation steps in Budibase consistently route outbound URLs through an IP blacklist validator that rejects requests targeting private, loopback, and link-local ranges. This validator is missing from the processUrlFile code path. An authenticated user with permission to create or run automations can supply an arbitrary URL and force the Budibase server to issue an outbound request on their behalf.
Root Cause
The root cause is an inconsistent application of SSRF defenses across automation step handlers. The shared IP blacklist validation logic was not invoked from packages/server/src/automations/steps/ai/extract.ts before the call to fetch. The result is a classic SSRF primitive [CWE-918] where user-controlled input flows directly into a server-side HTTP client.
Attack Vector
An authenticated Budibase user creates an automation that uses the AI extract step and supplies a fileUrl pointing to an internal target. Examples include cloud metadata services such as http://169.254.169.254/latest/meta-data/, internal admin consoles bound to 127.0.0.1, or private RFC1918 hosts. The Budibase server resolves and fetches the target, and response content or timing differences may be returned through the automation result. The scope-changed impact reflected in the CVSS vector indicates the request originates from the trusted server context rather than the attacker.
No verified public exploit code is available. See the GitHub Security Advisory GHSA-rpj4-7x2v-wjrf for technical details.
Detection Methods for CVE-2026-45548
Indicators of Compromise
- Outbound HTTP requests from the Budibase server process to 169.254.169.254, 127.0.0.1, or RFC1918 address ranges.
- Automation execution logs referencing the AI extract step with unusual or internal fileUrl values.
- DNS lookups from the Budibase host for internal hostnames not previously contacted.
Detection Strategies
- Inspect Budibase application logs for invocations of processUrlFile and correlate the supplied URLs against an allowlist of expected external domains.
- Monitor egress traffic from Budibase servers at the network layer for connections to link-local, loopback, or private address space.
- Review automation definitions stored in Budibase for AI extract steps configured with internal or metadata-service URLs.
Monitoring Recommendations
- Enable verbose automation step logging and forward events to a centralized SIEM for correlation.
- Alert on any HTTP requests from the Budibase service account to cloud metadata endpoints.
- Track authenticated user actions that create or modify automations to identify abuse patterns.
How to Mitigate CVE-2026-45548
Immediate Actions Required
- Upgrade Budibase to version 3.34.8 or later, which adds the missing IP blacklist validation to processUrlFile.
- Audit existing automations for AI extract steps that reference internal URLs and remove or remediate them.
- Restrict who can create and execute automations to trusted users only.
Patch Information
The vulnerability is fixed in Budibase 3.34.8. The patch adds the shared IP blacklist validation to the processUrlFile function so that requests to internal address ranges are rejected before fetch is called. Release artifacts are available via the Budibase GitHub Releases page and the GitHub Security Advisory GHSA-rpj4-7x2v-wjrf.
Workarounds
- Place Budibase behind an egress proxy or firewall that blocks outbound traffic to RFC1918, loopback, and cloud metadata addresses.
- Disable or restrict the AI extract automation step until the upgrade can be applied.
- Run Budibase in a network segment that has no route to sensitive internal services or cloud metadata endpoints.
# Example egress restriction using iptables to block metadata and private ranges
iptables -A OUTPUT -d 169.254.169.254 -j REJECT
iptables -A OUTPUT -d 10.0.0.0/8 -j REJECT
iptables -A OUTPUT -d 172.16.0.0/12 -j REJECT
iptables -A OUTPUT -d 192.168.0.0/16 -j REJECT
iptables -A OUTPUT -d 127.0.0.0/8 -j REJECT
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
