Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-55454 |
|
Vulnerability in ssrf (CVE-2026-55454)
vulnerability in ssrf (CVE-2026-55454). Successful exploitation can lead to full system takeover. Exploitable via `POST /load`. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-55455 |
|
SSRF (Server-Side Request Forgery) in appsmith (CVE-2026-55455)
SSRF in appsmith (CVE-2026-55455). Confidential information can be exposed externally. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-49979 |
|
Vulnerability in appsmith (CVE-2026-49979)
vulnerability in appsmith (CVE-2026-49979). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/admin/send-test-email`. Mitigation: upgrade to `1.99` or later.
|
| CVE-2026-50189 |
|
Vulnerability in appsmith (CVE-2026-50189)
vulnerability in appsmith (CVE-2026-50189). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/admin/env`. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-7299 |
|
Cross-Site Scripting (XSS) in appsmith (CVE-2026-7299)
cross-site scripting in appsmith (CVE-2026-7299). Confidential information can be exposed externally. Mitigation: upgrade to `1.99.0` or later.
|