CVE Catalog

CVE-2026-45715

High
Published: Translated: NVD NIST

Summary

Budibase is an open-source low-code platform. Prior to version 3.38.1, the REST datasource integration does not re-check the IP blacklist when following HTTP redirects, allowing an authenticated Builder to access internal services through an attacker-controlled server.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive internal data and services, potentially leading to information leakage or system compromise.

Recommendation

It is recommended to upgrade Budibase to version 3.38.1 or later to mitigate this vulnerability.

Original NVD description (English source)

Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal services (cloud metadata, databases) by redirecting through an attacker-controlled server. This vulnerability is fixed in 3.38.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS