SSRF in Budibase

CVE-2026-48148

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authe…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (13.5th percentile)
