VIR Vulnerability Intelligence Relay

Package impact

npm NPM / @budibase/server

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-45717 high 8.8 8.8 18h ago Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameter… npm
CVE-2026-45548 high 7.7 7.7 18h ago Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation npm
CVE-2026-45715 high 7.7 7.7 18h ago Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration npm