Cyber Resilience

CVE-2026-33226

HighPublic PoC

Published: 20 March 2026

Published
20 March 2026
Modified
23 March 2026
KEV Added
Patch
CVSS Score v3.1 8.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0037 28.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-33226 is a high-severity SSRF (CWE-918) vulnerability in Budibase Budibase. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Cloud Instance Metadata API (T1552.005); ranked at the 28.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-33226 is a server-side request forgery vulnerability (CWE-918) affecting Budibase, a low-code platform for building internal tools, workflows, and admin panels. In versions 3.30.6 and prior, the REST datasource query preview endpoint (POST /api/queries/preview) executes server-side HTTP requests to arbitrary URLs provided by users in the fields.path parameter without any validation. This flaw has a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N), indicating high confidentiality and integrity impacts with changed scope.

An authenticated administrator can exploit this vulnerability remotely over the network with low complexity. By supplying malicious URLs, the attacker tricks the Budibase server into making requests to internal services not exposed to the internet, such as cloud metadata endpoints on AWS, GCP, or Azure, internal databases, Kubernetes APIs, and other pods on the internal network. On GCP deployments, this enables theft of OAuth2 tokens with cloud-platform scope, granting full access to GCP resources. Across any deployment, it allows comprehensive internal network enumeration.

The primary advisory, published via GitHub Security Advisory GHSA-4647-wpjq-hh7f, confirms the issue and notes that no publicly available patches exist as of the CVE publication date on 2026-03-20. Security practitioners should restrict admin access, monitor query preview endpoint usage, and consider network segmentation or proxying internal requests until a patch is released.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint (POST /api/queries/preview) makes server-side HTTP requests to any URL supplied by the user in…

more

fields.path with no validation. An authenticated admin can reach internal services that are not exposed to the internet — including cloud metadata endpoints (AWS/GCP/Azure), internal databases, Kubernetes APIs, and other pods on the internal network. On GCP this leads to OAuth2 token theft with cloud-platform scope (full GCP access). On any deployment it enables full internal network enumeration. At time of publication, there are no publicly available patches.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1552.005 Cloud Instance Metadata API Credential Access
Adversaries may attempt to access the Cloud Instance Metadata API to collect credentials and other sensitive data.
T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
T1018 Remote System Discovery Discovery
Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system.
Why these techniques?

SSRF enables direct queries to cloud metadata endpoints for OAuth token theft (T1522/T1552.005) and arbitrary internal HTTP requests for network/service enumeration (T1046/T1018).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-31818Same product: Budibase Budibase
CVE-2026-25737Same product: Budibase Budibase
CVE-2026-25040Same product: Budibase Budibase
CVE-2026-35218Same product: Budibase Budibase
CVE-2026-25044Same product: Budibase Budibase
CVE-2026-25041Same product: Budibase Budibase
CVE-2026-30240Same product: Budibase Budibase
CVE-2026-42239Same product: Budibase Budibase
CVE-2026-27702Same product: Budibase Budibase
CVE-2026-41428Same product: Budibase Budibase

Affected Assets

budibase
budibase
≤ 3.30.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the lack of validation on user-supplied fields.path URLs in the REST query preview endpoint, preventing SSRF to arbitrary internal services.

prevent

Monitors and controls communications at internal boundaries to block Budibase server requests to unauthorized internal services like cloud metadata endpoints and Kubernetes APIs.

prevent

Enforces approved information flows to restrict server-side HTTP requests from the query preview endpoint to internal network destinations.

References