CVE-2026-48153 – Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata

CVE ID :CVE-2026-48153

Published : May 27, 2026, 6:16 p.m. | 15 minutes ago

Description :Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes a POST to a builder-supplied URL with plain node-fetch, skipping the blacklist.isBlacklisted check that every other outbound fetch path in the codebase uses. The Joi schema for the OAuth2 URL has no scheme or host restriction. This vulnerability is fixed in 3.39.0.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-5509 – Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200

CVE-2026-4392 – TeamSpeak 3 Server clientek Handshake assertion

CVE-2026-4391 – TeamSpeak 3 Server ECC Key heap-based overflow

CVE-2026-4390 – TeamSpeak 3 Server Connection State Management process_resend_queue use after free