CVE-2026-31818 | budibase up to 3.33.3 Environment Variable blacklist BLACKLIST_IPS server-side request forgery

Inserito da Angelo Barbosa | Apr 3, 2026 | CVE

A vulnerability, which was classified as critical, has been found in budibase up to 3.33.3. This affects the function blacklist of the component Environment Variable Handler. The manipulation of the argument BLACKLIST_IPS leads to server-side request forgery.

This vulnerability is documented as CVE-2026-31818. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-31818 | budibase up to 3.33.3 Environment Variable blacklist BLACKLIST_IPS server-side request forgery

Post correlati

CVE-2025-59344 | AliasVault up to 0.23.0 server-side request forgery

CVE-2024-47397 | FXC AE1021/AE1021PE up to 2.0.10 weak authentication

CVE-2024-51560 | Brokerage Technology Solutions Wave 2.0 up to 1.1.6 API Endpoint information exposure (CIVN-2024-0332)

CVE-2024-32499 | Newforma Project Center Server up to 2023.3.0.32259 .NET Remoting code injection