What is CVE-2026-33226 — SSRF in Budibase ≤3.30.6?

CVE-2026-33226 is a HIGH severity SSRF vulnerability affecting Budibase versions up to 3.30.6, allowing authenticated admins to access internal services and potentially steal credentials.

Am I affected by CVE-2026-33226 in Budibase ≤3.30.6?

If you are running Budibase version 3.30.6 or earlier, you are potentially affected by this SSRF vulnerability. Check your version and upgrade immediately.

How do I fix CVE-2026-33226 in Budibase ≤3.30.6?

The recommended fix is to upgrade to a patched version of Budibase. Consult the official Budibase advisory for the latest version.

Is CVE-2026-33226 being actively exploited?

While no active exploitation has been publicly confirmed, the ease of exploitation makes it likely that attackers are already scanning for vulnerable instances.

Where can I find the official Budibase advisory for CVE-2026-33226?

Refer to the official Budibase security advisory for detailed information and mitigation steps: [https://budibase.com/security/advisories](https://budibase.com/security/advisories)

CVE-2026-33226 — Vulnerability Details

NEXTGUARD

Escanear gratis

CVE-2026-33226 — Vulnerability Details | NextGuard

Pasos de Deteccióntraduciendo…

• nodejs / server:

journalctl -u budibase -f | grep -i "fields.path"

• generic web:

curl -I <budibase_instance_url>/api/queries/preview --data 'fields.path=http://169.254.169.254/metadata/instance' | grep -i "HTTP/1.1 200"

Budibase Falsificación de Solicitud desde el Servidor (SSRF) Ilimitada a través de la Vista Previa de la Consulta de la Fuente de Datos REST

Impacto y Escenarios de Ataquetraduciendo…

Contexto de Explotacióntraduciendo…

Quién Está en Riesgotraduciendo…

Pasos de Deteccióntraduciendo…

Cronología del Ataque

Inteligencia de Amenazas

Software Afectado

Clasificación de Debilidad (CWE)

Cronología

Mitigación y Workaroundstraduciendo…

Cómo corregirlo

Boletín de seguridad CVE

Preguntas frecuentestraduciendo…

What is CVE-2026-33226 — SSRF in Budibase ≤3.30.6?

Am I affected by CVE-2026-33226 in Budibase ≤3.30.6?

How do I fix CVE-2026-33226 in Budibase ≤3.30.6?

Is CVE-2026-33226 being actively exploited?

Where can I find the official Budibase advisory for CVE-2026-33226?

¿Tu proyecto está afectado?