CVE-2026-48128

UNKNOWN 0.0

Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to target internal infrastructure, this creates a server-side request forgery path where automation execution causes the Budibase server to make outbound HTTP requests to attacker-influenced destinations. The automation output then returns the response, potentially exposing internal service data. This vulnerability is fixed in 3.39.0.

CWE	CWE-918
Vendor	budibase
Product	budibase
Published	May 27, 2026
Last Updated	May 27, 2026

Stay Ahead of the Next One

Get instant alerts for budibase budibase

Be the first to know when new unknown vulnerabilities affecting budibase budibase are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Budibase / budibase

< 3.39.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Budibase/budibase/security/advisories/GHSA-6964-pp88-6wp9