{
  "vulnerability": "cve-2026-48153",
  "sightings": [
    {
      "uuid": "6016099d-a5f5-44dd-b98c-4877f6615368",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-48153",
      "type": "seen",
      "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmu6zk2b2p2w",
      "content": "\ud83d\udfe0 CVE-2026-48153 - High (8.5)\n\nBudibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in the OAuth2 SDK makes...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-48153/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack",
      "creation_timestamp": "2026-05-27T19:02:00.807109Z"
    },
    {
      "uuid": "e667063c-d0a1-4530-a52b-3da9980e331f",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-48153",
      "type": "seen",
      "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmucdcb5kf2p",
      "content": "CVE-2026-48153 - Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata\nCVE ID : CVE-2026-48153\n \n Published : May 27, 2026, 6:16 p.m. | 15\u00a0minutes ago\n \n Description : Budibase is an open-source low-code platform. Prior to 3.39.0, fetchToken in...",
      "creation_timestamp": "2026-05-27T20:01:08.329369Z"
    },
    {
      "uuid": "0a91347f-1920-47ab-abb7-cb7633f3353c",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385",
      "vulnerability": "CVE-2026-48153",
      "type": "published-proof-of-concept",
      "source": "https://github.com/Budibase/budibase/security/advisories/GHSA-4q6h-8p4v-67vq",
      "content": "",
      "creation_timestamp": "2026-05-21T08:49:32.000000Z"
    },
    {
      "uuid": "8602c1db-4d2f-4e27-b14c-224acf0c984c",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "9f56dd64-161d-43a6-b9c3-555944290a09",
      "vulnerability": "CVE-2026-48153",
      "type": "seen",
      "source": "https://gist.github.com/alon710/ca5754f7e7e7aeff3ad1cd262378f58b",
      "content": "# CVE-2026-48153: CVE-2026-48153: Server-Side Request Forgery in Budibase OAuth2 SDK\n\n> **CVSS Score:** 8.5\n> **Published:** 2026-06-22\n> **Full Report:** https://cvereports.com/reports/CVE-2026-48153\n\n## Summary\nCVE-2026-48153 is a Server-Side Request Forgery (SSRF) vulnerability in the Budibase OAuth2 SDK prior to version 3.39.0. It allows authenticated low-privileged users to bypass outbound network security blacklists and send arbitrary requests to internal subnets or cloud metadata services.\n\n## TL;DR\nA bypass in the Budibase OAuth2 SDK allows low-privileged users to trigger Server-Side Request Forgery (SSRF) against internal resources, bypassing central IP blacklists.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-918\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1**: 8.5 (HIGH)\n- **EPSS Score**: 0.00174\n- **EPSS Percentile**: 7.04%\n- **Exploit Status**: poc\n- **KEV Status**: not listed\n\n## Affected Systems\n\n- Budibase < 3.39.0\n- **budibase**: < 3.39.0 (Fixed in: `3.39.0`)\n\n## Mitigation\n\n- Upgrade Budibase to version 3.39.0 or higher\n- Implement network egress filtering to restrict container access to loopback and cloud metadata endpoints\n- Audit OAuth2 datasource configurations for internal IP addresses\n\n**Remediation Steps:**\n1. Pull the latest Budibase container image (version >= 3.39.0)\n2. Redeploy the application service\n3. Configure container network security groups or iptables to block egress to 169.254.169.254 and private subnets if not required\n4. Restrict the assignment of the builder role to trusted users\n\n## References\n\n- [GitHub Security Advisory GHSA-4q6h-8p4v-67vq](https://github.com/Budibase/budibase/security/advisories/GHSA-4q6h-8p4v-67vq)\n- [CVE.org CVE-2026-48153 Record](https://www.cve.org/CVERecord?id=CVE-2026-48153)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48153) - Automated Vulnerability Intelligence*",
      "creation_timestamp": "2026-06-23T09:41:50.000000Z"
    }
  ]
}
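The mitigation list in the gist sighting above (audit OAuth2 datasource configurations for internal IP addresses; block egress to 169.254.169.254 and private subnets; loopback and cloud metadata are the targets) describes the class of control an SSRF-safe OAuth2 client needs around its token endpoint URL. What follows is an added example in Node.js JavaScript, chosen because Budibase is a TypeScript/Node code base; it is not Budibase's code and not the fix shipped in 3.39.0, and the page does not state which specific bypass the advisory covers, so the example shows the general resolve-then-check approach rather than the patch. `checkTokenEndpoint`, `isForbiddenAddress`, `FORBIDDEN_V4` and the `FIXTURE_DNS` table are made-up names, and the fixture hosts are constructed for the demo and do not exist.

```javascript
'use strict';
// Added example (not Budibase code): reject an OAuth2 token endpoint URL whose
// host resolves to loopback, RFC 1918, link-local (169.254.169.254 metadata),
// or the IPv6 equivalents. The decision is made on the *parsed* hostname and
// on *every* resolved address; string blocklists applied to the raw URL are
// what numeric hosts, IPv4-mapped IPv6 and mixed DNS answers get past.

// IPv4 blocks a token endpoint must never resolve to: [base, prefix length].
const FORBIDDEN_V4 = [
  ['0.0.0.0', 8],       // "this" network
  ['10.0.0.0', 8],      // RFC 1918
  ['100.64.0.0', 10],   // shared address space (CGNAT); some metadata services sit here
  ['127.0.0.0', 8],     // loopback
  ['169.254.0.0', 16],  // link-local, includes 169.254.169.254
  ['172.16.0.0', 12],   // RFC 1918
  ['192.168.0.0', 16],  // RFC 1918
  ['224.0.0.0', 3],     // multicast and reserved, 224.0.0.0 through 255.255.255.255
];

// Dotted-quad -> integer, or null if not a plain IPv4 literal. Integer math
// (no shifts) so 32-bit values never go negative.
function parseV4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets.reduce((acc, o) => acc * 256 + o, 0) : null;
}

function isForbiddenV4(n) {
  return FORBIDDEN_V4.some(([base, bits]) => {
    const span = 2 ** (32 - bits);
    return Math.floor(n / span) === Math.floor(parseV4(base) / span);
  });
}

// Expand an IPv6 literal into eight 16-bit groups, handling "::" compression,
// a zone id ("%eth0") and an embedded dotted IPv4 tail (::ffff:10.0.0.1).
// Returns null when the string is not a well-formed IPv6 literal.
function v6ToGroups(ip) {
  let s = ip.split('%')[0];
  const lastColon = s.lastIndexOf(':');
  const tail = s.slice(lastColon + 1);
  if (tail.includes('.')) {
    const n = parseV4(tail);
    if (n === null) return null;
    s = s.slice(0, lastColon + 1) + Math.floor(n / 65536).toString(16) + ':' + (n % 65536).toString(16);
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const rest = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - rest.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  const groups = [...head, ...new Array(missing).fill('0'), ...rest]
    .map((g) => (/^[0-9a-fA-F]{1,4}$/.test(g) ? parseInt(g, 16) : NaN));
  return groups.some(Number.isNaN) ? null : groups;
}

function isForbiddenV6(g) {
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
    // IPv4-mapped (::ffff:a.b.c.d, also written ::ffff:a9fe:a9fe): apply the v4 rules.
    return isForbiddenV4(g[6] * 65536 + g[7]);
  }
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
  if ((g[0] & 0xfe00) === 0xfc00) return true;                        // fc00::/7 unique local
  if ((g[0] & 0xffc0) === 0xfe80) return true;                        // fe80::/10 link-local
  return false;
}

// True when the address must not be contacted. Anything that is not an IP
// literal at all is also rejected (fail closed).
function isForbiddenAddress(addr) {
  const v4 = parseV4(addr);
  if (v4 !== null) return isForbiddenV4(v4);
  const g = v6ToGroups(addr);
  if (g !== null) return isForbiddenV6(g);
  return true;
}

// lookup(hostname) -> string[] of every A/AAAA answer. It is injected so the
// check runs offline here; production code would wrap
// dns.promises.lookup(host, { all: true }) and then connect to the address
// that passed rather than re-resolving (DNS rebinding between check and use).
function checkTokenEndpoint(urlString, lookup) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return { ok: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: `token endpoint must use https, got ${url.protocol}` };
  }
  // WHATWG URL parsing normalises numeric hosts before we look at them:
  // "https://2130706433/" and "https://0x7f.1/" both yield hostname "127.0.0.1".
  let host = url.hostname;
  if (host.startsWith('[') && host.endsWith(']')) host = host.slice(1, -1); // IPv6 literal
  const literal = parseV4(host) !== null || v6ToGroups(host) !== null;
  const addresses = literal ? [host] : lookup(host);
  if (addresses.length === 0) return { ok: false, reason: `${host} does not resolve` };
  for (const addr of addresses) {
    if (isForbiddenAddress(addr)) {
      return { ok: false, reason: `${host} -> ${addr} is not a public address` };
    }
  }
  return { ok: true, host, addresses };
}

// Constructed DNS fixture for the demo; these hosts and answers are made up.
const FIXTURE_DNS = {
  'localhost': ['127.0.0.1', '::1'],
  'auth.example.com': ['203.0.113.10'],
  'rebind.example.com': ['203.0.113.10', '10.0.0.5'], // one public and one private answer
  'meta.example.com': ['::ffff:169.254.169.254'],
};
const fixtureLookup = (host) => FIXTURE_DNS[host] || [];

for (const u of ['https://auth.example.com/oauth/token', 'https://169.254.169.254/latest/meta-data/',
                 'https://2130706433/token', 'https://rebind.example.com/token']) {
  console.log(u, '=>', JSON.stringify(checkTokenEndpoint(u, fixtureLookup)));
}
```

Two caveats a deployment still needs: the validated address must be the one the HTTP client actually connects to, and any 3xx redirect from the token endpoint has to go through the same check (or redirects disabled), otherwise a public host can bounce the request to the metadata service. The egress filtering the gist recommends is the defence in depth for whatever an application-layer check misses.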