GHSA-4q6h-8p4v-67vq

High

GHSA-4q6h-8p4v-67vq

(CVE-2026-48153)

Published Jun 22, 2026

CVSS

8.5

HIGH

EPSS

Exploit Prediction Scoring System — the modeled probability of in-the-wild exploitation in the next 30 days.

—

Affected packages

Summary

Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata

Developer impact

Recommended action

Affected packages

Sources