PT-2026-41397 · Npm+2 · @Budibase/Server+1

Sajdakabir

·

Published

2026-05-15

·

Updated

2026-05-27

·

CVE-2026-45715

CVSS v3.1

7.7

High

VectorAV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.1
Description The REST datasource integration in the packages/server/src/integrations/rest.ts file follows HTTP redirects without re-validating the target URL against the IP blacklist. This allows an authenticated Builder to bypass security controls and access internal services, such as cloud metadata and databases, by redirecting requests through an attacker-controlled server. The issue occurs because the req() function does not set the redirect: "manual" option, causing the system to automatically follow HTTP 301, 302, and 307 redirects without performing a secondary blacklist check on the redirect destination.
Recommendations Update to version 3.38.1. As a temporary workaround, restrict access to the REST datasource integration to minimize the risk of internal service exposure.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45715
GHSA-FGQV-JH4G-PVG2

Affected Products

@Budibase/Server
Budibase