top of page
perceptive_background_267k.jpg

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fet…

Published:

26 May 2026 at 22:00:00

Alert date:

27 May 2026 at 20:13:41

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Data Breach & Exfiltration

CVE-2026-48146 affects Budibase, an open-source low-code platform, prior to version 3.39.0. The vulnerability exists in the OAuth2 token fetch function which uses raw fetch() without SSRF protection. While a safe wrapper fetchWithBlacklist() exists and is used elsewhere in the codebase, it was not applied to the OAuth2 token endpoint. Users with BUILDER role can exploit this to point OAuth2 token URLs to internal services like CouchDB or cloud metadata endpoints to exfiltrate sensitive data. The vulnerability has been fixed in version 3.39.0.

Technical details

Mitigation steps:

Affected products:

Budibase

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-48146
https://github.com/Budibase/budibase/security/advisories/GHSA-g6qx-g4pr-92v7

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page