CVE-2026-48148: Budibase SSRF Vulnerability

CVE-2026-48148 Overview

CVE-2026-48148 is a Server-Side Request Forgery (SSRF) vulnerability in Budibase, an open-source low-code platform. The flaw resides in the VectorDB configuration endpoint, which accepts a host parameter without validating it against internal IP ranges, reserved hostnames, or URL schemes. An authenticated user with builder-level access can submit values such as 169.254.169.254 or localhost, causing the Budibase server to initiate outbound TCP connections to internal network resources or cloud metadata services. The vulnerability affects versions prior to 3.35.3 and is fixed in 3.35.3. It is classified under CWE-918.

Critical Impact

Authenticated builder-level users can coerce the Budibase server into connecting to internal services and cloud metadata endpoints, enabling reconnaissance and potential credential theft from cloud environments.

Affected Products

• Budibase versions prior to 3.35.3
• Budibase self-hosted deployments exposing the VectorDB configuration endpoint
• Budibase instances deployed in cloud environments with accessible metadata services

Discovery Timeline

• 2026-05-27 - CVE-2026-48148 published to NVD
• 2026-05-27 - Last updated in NVD database

Technical Details for CVE-2026-48148

Vulnerability Analysis

The vulnerability is a Server-Side Request Forgery (SSRF) flaw in the Budibase VectorDB configuration endpoint. The endpoint accepts a user-supplied host parameter that is passed directly to the server's outbound network connection logic. Budibase performs no validation against private IP ranges (RFC 1918), loopback addresses, link-local addresses, or reserved hostnames before initiating the TCP connection.

An attacker authenticated as a builder-level user can supply arbitrary host values. Supplying 169.254.169.254 causes the server to query the cloud instance metadata service on AWS, Azure, or GCP environments. Supplying localhost or 127.0.0.1 redirects connections to services bound to the loopback interface. Supplying internal RFC 1918 addresses enables internal network reconnaissance.

The impact varies by deployment context. In cloud-hosted Budibase instances without IMDSv2 enforcement, an attacker can retrieve temporary IAM credentials from the metadata service. In on-premises deployments, the attacker can probe internal services, identify open ports, and fingerprint internal infrastructure that should not be reachable from the application tier.

Root Cause

The root cause is missing input validation on the host parameter in the VectorDB configuration endpoint. The application accepts the value as-is and passes it to the connection establishment routine. No allowlist, denylist, or URL scheme validation is enforced.

Attack Vector

The attack requires network access to the Budibase application and authenticated builder-level privileges. The attacker submits a crafted VectorDB configuration request containing a host value pointing at an internal target. The server initiates an outbound TCP connection to the supplied destination on behalf of the attacker. Response behavior, timing, and error messages can leak information about the targeted internal resource.

No verified exploitation code is publicly available. See the GitHub Security Advisory GHSA-cv96-5348-p5p8 for vendor-provided technical details.

Detection Methods for CVE-2026-48148

Indicators of Compromise

• Outbound TCP connections from the Budibase server process to 169.254.169.254, 127.0.0.1, or RFC 1918 address ranges that are not part of normal operation
• VectorDB configuration API requests containing internal IP addresses, localhost, or non-standard URL schemes in the host field
• Unexpected access patterns to cloud instance metadata service endpoints originating from the Budibase application host

Detection Strategies

• Inspect application and reverse proxy logs for VectorDB configuration requests and correlate the submitted host values against internal address ranges and reserved hostnames
• Monitor egress traffic from the Budibase server for connections to link-local, loopback, and private address space
• Audit builder-account activity for anomalous configuration changes, especially from accounts that do not typically modify VectorDB settings

Monitoring Recommendations

• Enable verbose logging on the Budibase API gateway and forward logs to a centralized analytics platform for query and retention
• Configure cloud provider flow logs (VPC Flow Logs, NSG Flow Logs) to capture connection attempts to metadata service endpoints
• Alert on any process-level network connection from the Budibase server to 169.254.169.254 or to ports associated with internal management services

How to Mitigate CVE-2026-48148

Immediate Actions Required

• Upgrade Budibase to version 3.35.3 or later, which contains the validated input fix
• Restrict builder-level access to trusted administrators and audit all current builder accounts
• On cloud deployments, enforce IMDSv2 with hop-limit restrictions to prevent SSRF-based credential theft from instance metadata

Patch Information

The vulnerability is fixed in Budibase 3.35.3. The patch adds validation on the VectorDB host parameter to reject internal IP ranges, reserved hostnames, and disallowed URL schemes. Refer to the GitHub Security Advisory GHSA-cv96-5348-p5p8 for full vendor remediation details.

Workarounds

• Place Budibase behind an egress firewall that blocks outbound connections to 169.254.169.254, loopback addresses, and RFC 1918 ranges where not required
• Run Budibase in a network segment with no route to internal management services or cloud metadata endpoints
• Temporarily revoke builder-level privileges from non-essential accounts until the upgrade to 3.35.3 is completed

# Example iptables egress rules to block SSRF targets on the Budibase host
iptables -A OUTPUT -d 169.254.169.254 -j REJECT
iptables -A OUTPUT -d 127.0.0.0/8 ! -o lo -j REJECT
iptables -A OUTPUT -d 10.0.0.0/8 -j REJECT
iptables -A OUTPUT -d 172.16.0.0/12 -j REJECT
iptables -A OUTPUT -d 192.168.0.0/16 -j REJECT