<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 10 Jul 2026 07:49:51 +0000</lastBuildDate>
    <item>
      <title>8602c1db-4d2f-4e27-b14c-224acf0c984c</title>
      <link>https://vulnerability.circl.lu/sighting/8602c1db-4d2f-4e27-b14c-224acf0c984c/export</link>
      <description>{"uuid": "8602c1db-4d2f-4e27-b14c-224acf0c984c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48153", "type": "seen", "source": "https://gist.github.com/alon710/ca5754f7e7e7aeff3ad1cd262378f58b", "content": "# CVE-2026-48153: CVE-2026-48153: Server-Side Request Forgery in Budibase OAuth2 SDK\n\n&amp;gt; **CVSS Score:** 8.5\n&amp;gt; **Published:** 2026-06-22\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48153\n\n## Summary\nCVE-2026-48153 is a Server-Side Request Forgery (SSRF) vulnerability in the Budibase OAuth2 SDK prior to version 3.39.0. It allows authenticated low-privileged users to bypass outbound network security blacklists and send arbitrary requests to internal subnets or cloud metadata services.\n\n## TL;DR\nA bypass in the Budibase OAuth2 SDK allows low-privileged users to trigger Server-Side Request Forgery (SSRF) against internal resources, bypassing central IP blacklists.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-918\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1**: 8.5 (HIGH)\n- **EPSS Score**: 0.00174\n- **EPSS Percentile**: 7.04%\n- **Exploit Status**: poc\n- **KEV Status**: not listed\n\n## Affected Systems\n\n- Budibase &amp;lt; 3.39.0\n- **budibase**: &amp;lt; 3.39.0 (Fixed in: `3.39.0`)\n\n## Mitigation\n\n- Upgrade Budibase to version 3.39.0 or higher\n- Implement network egress filtering to restrict container access to loopback and cloud metadata endpoints\n- Audit OAuth2 datasource configurations for internal IP addresses\n\n**Remediation Steps:**\n1. Pull the latest Budibase container image (version &amp;gt;= 3.39.0)\n2. Redeploy the application service\n3. Configure container network security groups or iptables to block egress to 169.254.169.254 and private subnets if not required\n4. Restrict the assignment of the builder role to trusted users\n\n## References\n\n- [GitHub Security Advisory GHSA-4q6h-8p4v-67vq](https://github.com/Budibase/budibase/security/advisories/GHSA-4q6h-8p4v-67vq)\n- [CVE.org CVE-2026-48153 Record](https://www.cve.org/CVERecord?id=CVE-2026-48153)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48153) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-23T09:41:50.000000Z"}</description>
      <content:encoded>{"uuid": "8602c1db-4d2f-4e27-b14c-224acf0c984c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48153", "type": "seen", "source": "https://gist.github.com/alon710/ca5754f7e7e7aeff3ad1cd262378f58b", "content": "# CVE-2026-48153: CVE-2026-48153: Server-Side Request Forgery in Budibase OAuth2 SDK\n\n&amp;gt; **CVSS Score:** 8.5\n&amp;gt; **Published:** 2026-06-22\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-48153\n\n## Summary\nCVE-2026-48153 is a Server-Side Request Forgery (SSRF) vulnerability in the Budibase OAuth2 SDK prior to version 3.39.0. It allows authenticated low-privileged users to bypass outbound network security blacklists and send arbitrary requests to internal subnets or cloud metadata services.\n\n## TL;DR\nA bypass in the Budibase OAuth2 SDK allows low-privileged users to trigger Server-Side Request Forgery (SSRF) against internal resources, bypassing central IP blacklists.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-918\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1**: 8.5 (HIGH)\n- **EPSS Score**: 0.00174\n- **EPSS Percentile**: 7.04%\n- **Exploit Status**: poc\n- **KEV Status**: not listed\n\n## Affected Systems\n\n- Budibase &amp;lt; 3.39.0\n- **budibase**: &amp;lt; 3.39.0 (Fixed in: `3.39.0`)\n\n## Mitigation\n\n- Upgrade Budibase to version 3.39.0 or higher\n- Implement network egress filtering to restrict container access to loopback and cloud metadata endpoints\n- Audit OAuth2 datasource configurations for internal IP addresses\n\n**Remediation Steps:**\n1. Pull the latest Budibase container image (version &amp;gt;= 3.39.0)\n2. Redeploy the application service\n3. Configure container network security groups or iptables to block egress to 169.254.169.254 and private subnets if not required\n4. Restrict the assignment of the builder role to trusted users\n\n## References\n\n- [GitHub Security Advisory GHSA-4q6h-8p4v-67vq](https://github.com/Budibase/budibase/security/advisories/GHSA-4q6h-8p4v-67vq)\n- [CVE.org CVE-2026-48153 Record](https://www.cve.org/CVERecord?id=CVE-2026-48153)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48153) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-23T09:41:50.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8602c1db-4d2f-4e27-b14c-224acf0c984c/export</guid>
      <pubDate>Tue, 23 Jun 2026 09:41:50 +0000</pubDate>
    </item>
    <item>
      <title>e667063c-d0a1-4530-a52b-3da9980e331f</title>
      <link>https://vulnerability.circl.lu/sighting/e667063c-d0a1-4530-a52b-3da9980e331f/export</link>
      <description>{"uuid": "e667063c-d0a1-4530-a52b-3da9980e331f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48153", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmucdcb5kf2p", "content": "CVE-2026-48153 - Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata\nCVE ID : CVE-2026-48153\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in...", "creation_timestamp": "2026-05-27T20:01:08.329369Z"}</description>
      <content:encoded>{"uuid": "e667063c-d0a1-4530-a52b-3da9980e331f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48153", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmucdcb5kf2p", "content": "CVE-2026-48153 - Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata\nCVE ID : CVE-2026-48153\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in...", "creation_timestamp": "2026-05-27T20:01:08.329369Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e667063c-d0a1-4530-a52b-3da9980e331f/export</guid>
      <pubDate>Wed, 27 May 2026 20:01:08 +0000</pubDate>
    </item>
    <item>
      <title>6016099d-a5f5-44dd-b98c-4877f6615368</title>
      <link>https://vulnerability.circl.lu/sighting/6016099d-a5f5-44dd-b98c-4877f6615368/export</link>
      <description>{"uuid": "6016099d-a5f5-44dd-b98c-4877f6615368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48153", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmu6zk2b2p2w", "content": "\ud83d\udfe0 CVE-2026-48153 - High (8.5)\n\nBudibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48153/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-27T19:02:00.807109Z"}</description>
      <content:encoded>{"uuid": "6016099d-a5f5-44dd-b98c-4877f6615368", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48153", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmu6zk2b2p2w", "content": "\ud83d\udfe0 CVE-2026-48153 - High (8.5)\n\nBudibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48153/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-27T19:02:00.807109Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/6016099d-a5f5-44dd-b98c-4877f6615368/export</guid>
      <pubDate>Wed, 27 May 2026 19:02:00 +0000</pubDate>
    </item>
    <item>
      <title>0a91347f-1920-47ab-abb7-cb7633f3353c</title>
      <link>https://vulnerability.circl.lu/sighting/0a91347f-1920-47ab-abb7-cb7633f3353c/export</link>
      <description>{"uuid": "0a91347f-1920-47ab-abb7-cb7633f3353c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48153", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-4q6h-8p4v-67vq", "content": "", "creation_timestamp": "2026-05-21T08:49:32.000000Z"}</description>
      <content:encoded>{"uuid": "0a91347f-1920-47ab-abb7-cb7633f3353c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48153", "type": "published-proof-of-concept", "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-4q6h-8p4v-67vq", "content": "", "creation_timestamp": "2026-05-21T08:49:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/0a91347f-1920-47ab-abb7-cb7633f3353c/export</guid>
      <pubDate>Thu, 21 May 2026 08:49:32 +0000</pubDate>
    </item>
  </channel>
</rss>
