PT-2026-30188 · Budibase · Budibase

Moonster8282 · Published 2026-04-03 · Updated 2026-04-04 · CVE-2026-31818

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

**Name of the Vulnerable Software and Affected Versions**
Budibase versions prior to 3.33.4

**Description**
Budibase, an open-source low-code platform, contains a server-side request forgery (SSRF) vulnerability in its REST datasource connector. The platform's SSRF protection is ineffective because the `BLACKLIST_IPS` environment variable is not set by default in official deployment configurations. When this variable is empty, the blacklist function always returns false, allowing unrestricted requests. This allows access to internal services.

**Recommendations**
Update Budibase to version 3.33.4 or later.
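
The fail-open behaviour in the description, next to a fail-closed form, as an added example that is not Budibase's code or its actual fix. All function names are hypothetical; it assumes the check receives an already-resolved IPv4 literal and that the configured list is a comma-separated string of exact addresses.

```javascript
// Added illustration; names are hypothetical, not taken from Budibase.

// Parse a dotted-quad IPv4 string into an unsigned integer, or null if invalid.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True if ip lies inside cidr ("a.b.c.d/len"); avoids 32-bit bitwise overflow.
function inCidr(ip, cidr) {
  const [base, len] = cidr.split("/");
  const ipN = ipv4ToInt(ip);
  const baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null) return false;
  const size = 2 ** (32 - Number(len));
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

// Split a comma-separated environment value into trimmed, non-empty entries.
function parseList(value) {
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// Fail-open pattern: with the variable unset the list is empty, so nothing is blocked.
function isBlockedFailOpen(ip, configured) {
  return parseList(configured).includes(ip);
}

// Ranges denied regardless of configuration (loopback, private, link-local, CGNAT).
const ALWAYS_DENY = [
  "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
  "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
];

// Fail-closed form: built-in ranges apply even when the operator list is empty,
// and anything that does not parse as IPv4 is blocked rather than allowed.
function isBlockedHardened(ip, configured) {
  if (ipv4ToInt(ip) === null) return true;
  if (ALWAYS_DENY.some((cidr) => inCidr(ip, cidr))) return true;
  return parseList(configured).includes(ip);
}
```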

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-31818
GHSA-7R9J-R86Q-7G45

Affected Products

Budibase