CVE-2026-45061: Budibase: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`)
Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). Any URL containing .tar.gz anywhere in the string — in the path, query string, or fragment — passes this check. The URL then proceeds directly to fetchWithBlacklist() with no further validation of host, scheme, or path. Standalone, this vulnerability is blocked by Budibase's default SSRF blacklist, which covers private IP ranges. But the URL validation layer itself is broken regardless, and it directly enables SSRF in two realistic situations: (1) when chained with the BLACKLIST_IPS bypass ([001]), where the blacklist is empty; and (2) when the plugin server follows HTTP redirects from an external URL to an internal target (the default node-fetch behavior with redirect: 'follow'). This vulnerability is fixed in 3.35.10.
HarborGuard Analysis
Synopsis
A server-side request forgery (SSRF) vulnerability exists in Budibase, an open-source low-code platform, in the Plugin URL upload endpoint (POST /api/plugin). The endpoint validates submitted URLs using only a trivial substring check for `.tar.gz`, allowing any URL containing that string anywhere to bypass validation before being passed to the HTTP fetch layer; a low-privilege authenticated attacker can reach this endpoint over the network with no victim interaction required. Successful exploitation lets an attacker force the Budibase server to make arbitrary outbound HTTP requests to internal infrastructure, disclosing responses from hosts that should not be reachable from outside the network. No fix version has been published yet; HarborGuard is tracking the advisory and will make a patched-image rebuild available the moment an upstream fix is released.
HarborGuard Coverage
Detection for CVE-2026-45061 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built Budibase images. Coverage extends to images built internally from the Budibase source base, not only official upstream releases.
HarborGuard scores this CVE at 7.7 HIGH using the published CVSS v3.1 vector and weights findings against each environment's active compliance policy to determine priority and routing. Triage alerts are directed to the team or inbox configured within each customer org for network-exposed application vulnerabilities.
Because no upstream fix version has been published, HarborGuard re-evaluates the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Budibase ships a corrected release. In the interim, HarborGuard surfaces the finding with compensating-control recommendations so teams can act without waiting for an upstream patch.
Exploit Conditions
- Network reachability: Required
The attacker must reach the Budibase API service over the network; the POST /api/plugin endpoint is an HTTP API exposed to network clients.
- Authentication: Required
A valid low-privilege Budibase account is sufficient; no administrative role is needed to call the Plugin URL upload endpoint.
- Victim interaction: Not required
No user interaction is needed; the attacker submits a crafted URL directly to the API and the server issues the outbound request autonomously.
- Attack complexity: Detail
The exploit is reliable and condition-free in its basic form; bypassing the SSRF blacklist requires either an empty BLACKLIST_IPS configuration or the presence of HTTP redirect-following behavior, both realistic in default deployments.
Blast Radius
- The Budibase server makes outbound HTTP requests to attacker-controlled targets, which can include internal hosts on the same network segment such as metadata services, internal APIs, and management interfaces.
- Responses from internal services are returned to the attacker, exposing credentials, tokens, configuration data, or any content served by the internal host.
- Cloud instance metadata endpoints (for example, AWS IMDSv1 at 169.254.169.254) are reachable via this vector, potentially exposing instance identity credentials and IAM role tokens.
- Integrity and availability of data are not directly affected; the confirmed impact is confidentiality loss through unauthorized reads of internal HTTP resources.
How HarborGuard Handles This
Available on HarborGuard: because no upstream fix version exists for CVE-2026-45061 as of the publication date, HarborGuard monitors the Budibase advisory on every ingest cycle and will trigger a patched-image rebuild automatically once version 3.35.10 or a later corrected release is published. For customers with auto-remediation enabled, that rebuild will be followed immediately by a regression-test run and a PR opened against affected workloads. While no patch is available, HarborGuard recommends the following compensating controls:
- Apply network policy to restrict egress from Budibase pods to known-good external destinations only.
- Ensure the BLACKLIST_IPS environment variable is populated with all private RFC-1918 ranges and internal subnets to close the empty-blacklist bypass path.
- Consider placing the Plugin URL upload feature behind a feature flag or disabling it at the load-balancer level if plugin installation from external URLs is not required.
- Audit existing plugins for URLs that may have been submitted prior to detection.
Metrics
- CVSS v3.1: 7.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
- Budibase / budibase < 3.35.10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N