SSRF in Budibase
CVE-2026-48128
Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validatio…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.001 (23.1th percentile)
Affected products
- Budibase — versions < 3.39.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)