Appsmith CVE-2026-7299 Stored XSS via SQL Autocomplete innerHTML Sink

Vulnerability Overview CVE-2026-7299 - Appsmith 1.98 Stored XSS (SQL Autocomplete innerHTML Sink) This is a stored Cross-Site Scripting (XSS) vulnerability present in the SQL query editor of Appsmith. Attackers can inject arbitrary JavaScript code via database table names, which will execute in the browsers of any workspace members when SQL autocomplete is triggered. Affected Scope Affected Versions: Appsmith v1.98 and earlier versions, which feature a custom SQL hint renderer. Vulnerable Location: , where CodeMirror's secure default hint renderer ( ) is overwritten by a custom rendering callback using to display database table and column names, without any sanitization. Remediation Official Fix: No fix has been released yet. Users are advised to monitor Appsmith's official updates. Workaround: Avoid using special characters or potentially malicious content in database table names to reduce the attack surface. POC Code Basic Alert PoC Cookie Exfiltration to Callback Server Custom Payload Automatic Discovery of Connection or Provision of Credentials if PostgreSQL Data Source Does Not Yet Exist Examples PoC Video Demonstration: https://www.youtube.com/watch?v=1R8BY22Bp_A Documentation Background Appsmith is an open-source low-code platform where teams build internal tools by connecting data sources and writing queries. The SQL query editor uses autocomplete to populate suggestions from the metadata of tables and columns in the connected database. Autocomplete rendering uses a custom CodeMirror rendering callback in : CodeMirror 5's default hint rendering uses (secure). Appsmith overwrites this with to add custom CSS classes and icon attributes for styling, but the actual text content (table names) is assigned as raw HTML. In the 8-step data flow from the database catalog to DOM rendering, there is no sanitization at any stage. Exploitation Flow The entire attack is executed via the Appsmith Web UI. The attacker (a workspace developer) runs a statement containing an XSS payload as the table name. Appsmith's PostgresPlugin performs no DDL filtering, and accepts any valid SQL, including DDL statements. When any other workspace member opens the SQL query editor for the same data source and begins typing a query, the autocomplete dropdown appears, fetching table name suggestions from the database metadata. The malicious table name is rendered via , executing the JavaScript payload within the victim's browser session. The XSS executes in the context of the Appsmith application, utilizing the victim's session. An attacker can steal session cookies (XSRF-TOKEN, SESSION), exfiltrate data source credentials, or make API calls on behalf of the victim. If the victim is an administrator, the attacker escalates to full workspace control. Data Flow Without sanitization, the payload is rendered into , triggered by the autocomplete renderer after DOM calls. References CVE-2026-7299 Appsmith GitHub Repository CVE-79: Improper Neutralisation of Input During Web Page Generation Vulnerable file Disclaimer This tool is provided solely for authorized security testing and educational purposes. Use only against systems you own or have explicit written permission to test. I accept no responsibility for any misuse or damage caused by this tool. Happy hacking!

Goal Reached Thanks to every supporter — we hit 100%!

Appsmith CVE-2026-7299 Stored XSS via SQL Autocomplete innerHTML Sink

More from this source