CVE-2026-45061 | budibase up to 3.35.9 Plugin URL Upload Endpoint /api/plugin fetchWithBlacklist server-side request forgery

A vulnerability has been found in budibase up to 3.35.9 and classified as critical. Impacted is the function fetchWithBlacklist of the file /api/plugin of the component Plugin URL Upload Endpoint. This manipulation causes server-side request forgery.

This vulnerability is handled as CVE-2026-45061. The attack can be initiated remotely. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More