CVE-2026-33226 in Budibase

Summary

by MITRE • 03/21/2026

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions 3.30.6 and prior, the REST datasource query preview endpoint (POST /api/queries/preview) makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An authenticated admin can reach internal services that are not exposed to the internet, including cloud metadata endpoints (AWS/GCP/Azure), internal databases, Kubernetes APIs, and other pods on the internal network. On GCP this leads to OAuth2 token theft with cloud-platform scope (full GCP access). On any deployment it enables full internal network enumeration. At time of publication, there are no publicly available patches.


Analysis

by VulDB Data Team • 03/27/2026

CVE-2026-33226 resides in Budibase's REST datasource query preview functionality, the POST /api/queries/preview endpoint, in versions 3.30.6 and earlier. It is a server-side request forgery: an authenticated administrator supplies a URL in the fields.path parameter and the Budibase server issues an HTTP request to that URL without validating the destination. Because the request originates from the server, it reaches whatever the server can reach, including internal resources that are never exposed externally.

The root cause is the absence of any destination check in the preview handler: the server follows the user-supplied URL as given, with no scheme restriction, no hostname or address filtering, and no distinction between the internet and the server's own network. This is CWE-918, Server-Side Request Forgery, in which an application fetches a remote resource without restricting where it may connect. The prerequisite is an admin account, so this is not an unauthenticated entry point; its value to an attacker is that it converts application-level admin rights into the network position of the Budibase server, bypassing segmentation that assumes only the server, not its users, can address internal hosts.

The impact goes well beyond enumeration. Reaching the cloud metadata service from the server's network position yields credentials: on GCP the advisory reports theft of an OAuth2 access token with the cloud-platform scope, which carries whatever IAM roles the instance's attached service account holds, in many deployments broad project access. Header-gated metadata services are reachable only if the preview request forwards user-controlled headers (GCP requires Metadata-Flavor: Google; AWS IMDSv2 requires a session token obtained with a PUT, which a plain GET cannot produce), and the advisory's GCP result implies that at least the GCP case was reachable. Independently of cloud provider, the flaw lets an attacker map internal services, databases, the Kubernetes API and neighbouring pods that are normally isolated from external networks, reconnaissance that directly feeds lateral movement.

In ATT&CK terms the activity maps to T1046 Network Service Discovery (enumerating internal hosts and ports through the server-side request) and T1552.005 Unsecured Credentials: Cloud Instance Metadata API (retrieving tokens from the metadata service). The chain is reconnaissance of internal services, then credential harvesting from the metadata endpoint, then use of those credentials against the cloud control plane. With no patch available at publication, organizations must rely on operational mitigations rather than a vendor fix. The low EPSS score reflects the probability of exploitation in the wild, not the severity of a successful attack by a malicious insider or by anyone holding a compromised admin account.

Organizations running Budibase 3.30.6 or earlier should act on the network and identity layers, since the validation fix itself has to come from the vendor. Where the datasource-preview workflow can be paused, block POST /api/queries/preview at a reverse proxy in front of Budibase. On the network side, apply egress policy to the Budibase pods or hosts: block 169.254.169.254 and the internal ranges the application does not need, allowing only the datasources it legitimately talks to; on AWS, require IMDSv2; on GCP and Azure, give the instance or workload an identity with the minimum roles, so a leaked token is worth as little as possible. On the identity side, review who holds Budibase admin, enforce multi-factor authentication on those accounts and audit them regularly, since admin is the only prerequisite. For detection, alert on outbound requests from the application server to loopback, link-local or RFC 1918 destinations, and on any request to the metadata service from a process that never legitimately makes one. A proper vendor fix must resolve the hostname, reject loopback, link-local, private and metadata destinations, and re-check every redirect hop, because a check against the literal string in fields.path alone is bypassed by numeric host encodings and by DNS names that resolve to internal addresses.

Responsible

GitHub_M

Reservation

03/18/2026

Disclosure

03/21/2026

Moderation

accepted

CPE

ready

EPSS

0.00019

KEV

no

Activities

very low
