


Perceptive Security
SOC/SIEM Consultancy

Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fet…
Published:
26 May 2026 at 22:00:00
Alert date:
27 May 2026 at 19:08:13
Source:
nvd.nist.gov
Web Technologies, Data Breach & Exfiltration
Budibase, an open-source low-code platform, contains a server-side request forgery (SSRF) vulnerability in its OAuth2 token fetch function in versions prior to 3.39.0. The vulnerable code in packages/server/src/sdk/workspace/oauth2/utils.ts calls fetch(config.url) directly, with no SSRF protection, on the token endpoint URL taken from the OAuth2 configuration. A safe wrapper, fetchWithBlacklist(), exists and is used elsewhere in the codebase, but it was not applied to the OAuth2 token endpoint. A user with the BUILDER role can therefore point the OAuth2 token URL at internal services such as CouchDB or the cloud instance metadata endpoint and exfiltrate sensitive data from the response. The vulnerability is fixed in version 3.39.0.
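The pattern the advisory describes is a raw fetch of an operator-controlled URL versus a wrapper that refuses private, loopback, link-local and metadata addresses before any request is made. The TypeScript below is an added illustration of that guard written for this page; it is not Budibase's code and does not reproduce the project's fetchWithBlacklist() implementation. The names checkTokenUrl, isBlockedIp, fetchTokenSafely, EXAMPLE_DNS and exampleResolver are hypothetical, and the DNS table is constructed so the example runs offline.

```typescript
// Added example, not Budibase code: an SSRF guard for an operator-supplied
// OAuth2 token URL. Hostname resolution is injected (Resolver) so the block
// runs offline; in production pass a real DNS lookup and pin the connection
// to the vetted address, because a check-then-fetch gap is exposed to DNS
// rebinding. The IPv6 regexes accept canonical forms only; a production
// wrapper should canonicalise addresses with a proper IP library first.

type Resolver = (hostname: string) => string[];

interface UrlCheck {
  ok: boolean;
  reason: string;
  addresses: string[];
}

// IPv4 ranges a server-side fetch of a user-controlled URL must never reach.
const BLOCKED_V4: Array<[string, number]> = [
  ["0.0.0.0", 8],       // "this" network
  ["10.0.0.0", 8],      // RFC 1918 private (where an internal CouchDB would sit)
  ["100.64.0.0", 10],   // shared address space (CGNAT)
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, includes cloud metadata 169.254.169.254
  ["172.16.0.0", 12],   // RFC 1918 private
  ["192.168.0.0", 16],  // RFC 1918 private
  ["224.0.0.0", 4],     // multicast
  ["240.0.0.0", 4],     // reserved and broadcast
];

function parseV4(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function inV4Range(ip: number, base: string, bits: number): boolean {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === (((parseV4(base) as number) & mask) >>> 0);
}

// True for loopback, private, link-local, multicast and unparseable addresses.
// Failing closed on garbage is deliberate: the caller proceeds only on a clean verdict.
function isBlockedIp(ip: string): boolean {
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(ip);          // ::ffff:10.0.0.5
  if (mapped) return isBlockedIp(mapped[1]);
  const hexMapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i.exec(ip); // ::ffff:a00:5
  if (hexMapped) {
    const n = parseInt(hexMapped[1], 16) * 0x10000 + parseInt(hexMapped[2], 16);
    return BLOCKED_V4.some(([base, bits]) => inV4Range(n, base, bits));
  }
  const v4 = parseV4(ip);
  if (v4 !== null) return BLOCKED_V4.some(([base, bits]) => inV4Range(v4, base, bits));
  const v6 = ip.toLowerCase();
  if (!/^[0-9a-f:]+$/.test(v6) || !v6.includes(":")) return true; // not an IP at all
  if (v6 === "::1" || v6 === "::") return true;                    // loopback / unspecified
  if (/^f[cd][0-9a-f]{2}:/.test(v6)) return true;                  // fc00::/7 unique local
  if (/^fe[89ab][0-9a-f]:/.test(v6)) return true;                  // fe80::/10 link-local
  return false;
}

function checkTokenUrl(rawUrl: string, resolve: Resolver): UrlCheck {
  const fail = (reason: string, addresses: string[] = []): UrlCheck => ({ ok: false, reason, addresses });
  let url: URL;
  try {
    url = new URL(rawUrl); // WHATWG parsing also normalises tricks like 0x7f000001 and 127.1
  } catch {
    return fail("URL does not parse");
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return fail(`scheme ${url.protocol} not allowed`);
  if (url.username || url.password) return fail("credentials embedded in URL");
  const host = url.hostname.replace(/^\[|\]$/g, ""); // hostname keeps brackets on IPv6 literals
  if (host === "localhost" || host.endsWith(".localhost")) return fail("localhost is never a token endpoint");
  // An IP literal is checked directly; a name is resolved and EVERY record is checked,
  // because a name with one public and one private A record is a classic bypass.
  const isLiteral = parseV4(host) !== null || host.includes(":");
  const addresses = isLiteral ? [host] : resolve(host);
  if (addresses.length === 0) return fail("hostname did not resolve");
  const blocked = addresses.find(isBlockedIp);
  if (blocked !== undefined) return fail(`resolves to blocked address ${blocked}`, addresses);
  return { ok: true, reason: "", addresses };
}

// The shape of the fixed code path: vet the URL, then fetch it (fetch implementation injected).
async function fetchTokenSafely(
  config: { url: string; body: string },
  resolve: Resolver,
  fetchImpl: (url: string, init: { method: string; body: string }) => Promise<unknown>,
): Promise<unknown> {
  const verdict = checkTokenUrl(config.url, resolve);
  if (!verdict.ok) throw new Error(`refusing OAuth2 token fetch: ${verdict.reason}`);
  return fetchImpl(config.url, { method: "POST", body: config.body });
}

// Constructed DNS table for the offline demonstration (not real hosts).
const EXAMPLE_DNS: Record<string, string[]> = {
  "oauth.example.com": ["203.0.113.10"],
  "couchdb.internal": ["10.0.0.5"],
  "mixed.example.com": ["203.0.113.10", "10.0.0.5"],
  "metadata.internal": ["169.254.169.254"],
};
const exampleResolver: Resolver = (h) => EXAMPLE_DNS[h] ?? [];
```

With the constructed table, a public token endpoint passes while URLs that resolve to 10.0.0.5, 169.254.169.254, ::1, or a mixed public-and-private record set are refused before any request leaves the server. Because the hostname is resolved once for the check and again by the real fetch, a rebinding attacker can still change the answer in between; the fix for that is to connect to the vetted address (a custom lookup or agent), not just to check it.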
Technical details
Mitigation steps:
Upgrade Budibase to version 3.39.0 or later, which applies SSRF protection to the OAuth2 token fetch.
Affected products:
Budibase
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-48146
https://github.com/Budibase/budibase/security/advisories/GHSA-g6qx-g4pr-92v7
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
