Lucene search
K

154 matches found

OSV
OSV
added 2026/06/30 11:35 p.m.5 views

BIT-APPSMITH-2026-49979 Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

6.3CVSS5.8AI score0.00341EPSS
Exploits3References2
OSV
OSV
added 2026/06/29 5:37 a.m.4 views

BIT-APPSMITH-2026-55455 Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils used by the REST API and GraphQL datasource plugins validates hosts against an exact-match string denylist. The comprehensive address-class check...

9.1CVSS5.9AI score0.0022EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:37 a.m.4 views

BIT-APPSMITH-2026-55454 Appsmith: Caddy admin API exposed without authentication

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by...

9.9CVSS5.8AI score0.00328EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 5:37 a.m.16 views

BIT-APPSMITH-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS6AI score0.00271EPSS
Exploits1References2
NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-55454

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by...

9.9CVSS0.00328EPSS
Exploits1References1
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
NVD
NVD
added 2026/06/24 10:16 p.m.11 views

CVE-2026-50189

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS0.00271EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:38 p.m.23 views

CVE-2026-49979 Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:38 p.m.21 views

CVE-2026-55454 Appsmith: Caddy admin API exposed without authentication

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by...

9.9CVSS0.00328EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 9:38 p.m.21 views

CVE-2026-55454

Appsmith (prior to 2.1) exposes the bundled Caddy admin API without authentication inside the container, bound to 0.0.0.0:2019. Although not exposed to the host via docker-compose, it is reachable from the Appsmith server process and can be targeted via SSRF to issue admin-API calls (e.g., POST /...

9.9CVSS5.9AI score0.00328EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/24 9:35 p.m.19 views

CVE-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...

8.9CVSS0.00271EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 9:35 p.m.27 views

CVE-2026-50189

Appsmith before version 2.1 is affected by a remote code execution via its bundled supervisord XML-RPC interface exposed on port 9001 and reachable through a Caddy route at /supervisor/. If an authenticated administrator accesses GET /api/v1/admin/env and obtains APPSMITH_SUPERVISOR_PASSWORD, the...

8.9CVSS6.1AI score0.00271EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52113

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled Caddy reverse-proxy admin API is bound to 0.0.0.0:2019 inside the container and lacks authentication by default. Although the listener is not published to the host, it remains accessible t...

9.9CVSS5.8AI score0.00328EPSS
Exploits1References5
OSV
OSV
added 2026/06/12 6:28 p.m.22 views

GHSA-J9GF-VW2F-9HRW Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation

Summary A configuration-dependent origin validation bypass was identified in Appsmith’s password reset and email verification flows on current release. Both flows derive the email-link base URL from the request Origin header. The current validation only enforces a trusted base URL when...

8.1CVSS5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/12 6:27 p.m.12 views

GHSA-9WCP-79G5-5C3C Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators

Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...

8.1CVSS5.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.14 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS6.3AI score0.00341EPSS
Exploits2References1
NVD
NVD
added 2026/06/02 4:16 p.m.11 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS0.00341EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2026/06/02 2:7 p.m.9 views

CVE-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS6.4AI score0.00341EPSS
Exploits2References5
EUVD
EUVD
added 2026/06/02 2:7 p.m.12 views

EUVD-2026-33936

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

6.3CVSS6.4AI score0.00341EPSS
Exploits2References5
CVE
CVE
added 2026/06/02 2:7 p.m.24 views

CVE-2026-7299

Appsmith CVE-2026-7299 affects the SQL query editor autocomplete renderer, where unsanitized database object names rendered into innerHTML enable persistent XSS by a developer with access. This can execute arbitrary JavaScript in other workspace members’ sessions when interacting with the same da...

6.3CVSS6.4AI score0.00341EPSS
Exploits2References6Affected Software1
Rows per page
Query Builder