Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 5:11 p.m.9 views

CVE-2026-45548 Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 5:11 p.m.42 views

CVE-2026-45548 Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:11 p.m.21 views

CVE-2026-45548

The CVE-2026-45548 entries describe a Server-Side Request Forgery (SSRF) in Budibase where processUrlFile (AI Extract File step) calls fetch(fileUrl) without the IP blacklist, bypassing protections used by other automation steps. This allowed an authenticated builder to trigger server-side reques...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 5:47 p.m.5 views

GHSA-RPJ4-7X2V-WJRF Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticate...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/15 5:47 p.m.16 views

Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Vulnerability Details CWE-918: Server-Side Request Forgery SSRF The processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticate...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.16 views

PT-2026-41394

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.34.8 Description An authenticated user can trigger server-side requests to internal network addresses. This occurs because the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References5
Rows per page
Query Builder