Vulnerabilities in Budibase
38 results

CVE-2026-25737 | HIGH | Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS) | EPSS 0.3%
CVE-2026-45061 | HIGH | Budibase: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`) | EPSS 0.3%
CVE-2026-45719 | MEDIUM | Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API | EPSS 0.3%
CVE-2026-45716 | HIGH | Budibase: Builder-to-Admin Privilege Escalation via onboardUsers Endpoint Without SMTP Configuration | EPSS 0.3%
CVE-2026-45548 | HIGH | Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation | EPSS 0.3%
CVE-2026-45715 | HIGH | Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration | EPSS 0.3%
CVE-2026-48152 | HIGH | Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL | EPSS 0.3%
CVE-2026-45717 | HIGH | Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL | EPSS 0.3%
CVE-2026-48148 | MEDIUM | Budibase: Unvalidated VectorDB Host Parameter Enables SSRF | EPSS 0.2%
CVE-2026-48149 | HIGH | Budibase: Stored XSS in Text component: BASIC users execute JS in admin session via MarkdownViewer innerHTML + CDN+srcdoc CSP bypass | EPSS 0.2%
CVE-2026-48151 | HIGH | Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema | EPSS 0.2%
CVE-2026-46427 | HIGH | Budibase: Snowflake private key returned unmasked from datasource API to BASIC users | EPSS 0.2%
CVE-2026-48146 | HIGH | Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection | EPSS 0.2%
CVE-2026-46426 | HIGH | Budibase: Unrestricted Upload of File with Dangerous Type | EPSS 0.2%
CVE-2026-48153 | HIGH | Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata | EPSS 0.2%
CVE-2026-46424 | MEDIUM | Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour | EPSS 0.2%
CVE-2026-45718 | MEDIUM | Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows | EPSS 0.1%
CVE-2026-48147 | MEDIUM | Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker | EPSS 0.1%