CVE-2026-45715
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| budibase | budibase | 3.38.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated users to bypass IP blacklist restrictions and access internal services such as cloud metadata endpoints and databases. This could lead to unauthorized access to sensitive data, including potentially personal or protected information.
Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive and personal data to protect confidentiality and privacy.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an authenticated Budibase Builder creating a REST datasource that points to an attacker-controlled server which then redirects to internal services, bypassing IP blacklist checks.
To detect exploitation attempts on your system or network, monitor for unusual REST datasource creations or queries that involve HTTP redirects to suspicious or internal IP addresses.
You can also inspect Budibase server logs for REST datasource requests that follow redirects, especially those that access internal metadata or database endpoints.
While no specific commands are provided in the resources, general network and log inspection commands that may help include:
- Using network monitoring tools like tcpdump or Wireshark to capture HTTP traffic from Budibase server and look for redirect chains.
- Using grep or similar tools to search Budibase logs for REST datasource creation or query events involving URLs with redirects.
- Example command to check logs for redirect URLs (adjust the path as needed): `grep -i 'redirect' /path/to/budibase/logs/*`
- Example tcpdump command to capture HTTP traffic on port 80 or 443 to or from the Budibase server: `tcpdump -i any -A 'host <budibase-server-ip> and (tcp port 80 or tcp port 443)'`. The parentheses matter, since in BPF `and` binds tighter than `or`; note also that on port 443 the payload is TLS-encrypted, so redirect `Location` headers are only readable in plain HTTP captures.
Can you explain this vulnerability to me?
This vulnerability exists in Budibase, an open-source low-code platform, in versions prior to 3.38.1. The REST datasource integration component follows HTTP redirects without re-checking the IP blacklist. This allows an authenticated Builder user to access internal services, such as cloud metadata and databases, by redirecting requests through an attacker-controlled server.
How can this vulnerability impact me?
The vulnerability can allow an authenticated user with Builder privileges to bypass IP blacklist protections and access internal services that should be restricted. This could lead to unauthorized access to sensitive internal resources like cloud metadata and databases, potentially exposing confidential information or enabling further attacks within the internal network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Budibase to version 3.38.1 or later, where the issue has been fixed.