150 matches found
CVE-2026-5418
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...
EUVD-2026-18518
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...
CVE-2026-5418
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...
CVE-2026-5418
The CVE affects appsmith.org Appsmith Dashboard up to version 1.97, specifically the computeDisallowedHosts function in WebClientUtils.java. The issue enables server-side request forgery (SSRF) and may be exploitable remotely; an exploit is publicly available. Mitigation provided in the sources i...
CVE-2026-5418 appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery
A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...
Appsmith 代码问题漏洞
Appsmith is an open-source platform developed by Appsmith for building, deploying, and maintaining internal applications. Versions of Appsmith 1.97 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations in the computeDisallowedHosts function of the...
BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
Exploit for CVE-2026-7299
CVE-2026-7299 - Appsmith 1.98 Stored XSS SQL Autocomplete inn...
EUVD-2026-16721
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
CVE-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
CVE-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
CVE-2026-34411
Affected product: Appsmith prior to version 1.98. Root cause: unauthenticated access to instance management API endpoints (/api/v1/consolidated-api/view, /api/v1/tenants/current) that exposes configuration metadata, license information, and unsalted SHA-256 hashes of admin email domains. Impact: ...
Appsmith 访问控制错误漏洞
Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Prior to Appsmith 1.98, there was a security vulnerability related to access control. This vulnerability stemmed from unvalidated instance management API endpoint...
BIT-APPSMITH-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...
Appsmith 安全漏洞
Appsmith is an open-source platform developed by Appsmith itself, used for building, deploying, and maintaining internal applications. Prior to version 1.96, there were security vulnerabilities in Appsmith. These vulnerabilities stemmed from the lack of HTML cleaning in the Table Widget rendering...
CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...
Exploit for CVE-2026-30862
CVE-2026-30...
📄 Appsmith 1.92 Origin Header Injection
A critical vulnerability in Appsmith version 1.92 allows an unauthenticated attacker to manipulate the Origin HTTP header during the password reset process. Due to improper trust in client‑supplied headers, Appsmith constructs password reset links based on the injected origin. This enables an...
Exploit for Origin Validation Error in Appsmith
CVE-2026-22794 - Appsmith Origin Header Injection !Python V...
CVE-2026-24042
Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished edit-mode actions by sending viewMode=false or omitting it to POST /api/v1/actions/execute. This bypasses the...