All 6 CVE vulnerabilities found in appsmith, with AI-generated Chinese analysis, references, and POCs.
Vendor: appsmithorg
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5418 | appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery CWE-918 | 7.3 | High | 2026-04-02 |
| CVE-2026-34411 | Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs CWE-306 | 5.3 | Medium | 2026-03-27 |
| CVE-2026-30862 | Critical Stored XSS & Privilege Escalation in Appsmith CWE-79 | 9.1 | Critical | 2026-03-09 |
| CVE-2026-24042 | Appsmith public apps can execute unpublished actions (viewMode confusion) CWE-862 | 9.4 | Critical | 2026-01-22 |
| CVE-2026-22794 | Account Takeover Vulnerability in Appsmith CWE-346 | 9.7 | Critical | 2026-01-12 |
| CVE-2024-55604 | Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources CWE-280 | 6.5AI | MediumAI | 2025-03-25 |
All 6 known CVE vulnerabilities affecting appsmith with full Chinese analysis, references, and POCs where available.