3 matches found
BIT-APPSMITH-2026-50189 Appsmith: RCE via Supervisord XML-RPC Admin Interface Exposed via /supervisor Caddy Route
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...
CVE-2026-50189
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside the container via a Caddy reverse-proxy route at /supervisor/ on the public ingress. Combined with the...
CVE-2026-50189
Appsmith before version 2.1 is affected by a remote code execution via its bundled supervisord XML-RPC interface exposed on port 9001 and reachable through a Caddy route at /supervisor/. If an authenticated administrator accesses GET /api/v1/admin/env and obtains APPSMITH_SUPERVISOR_PASSWORD, the...