PT-2026-24145 · Appsmith · Appsmith
Drkim-Dev · Published 2026-03-09 · Updated 2026-03-13 · CVE-2026-30862

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Appsmith versions prior to 1.96
Description: Appsmith is a platform used to build admin panels, internal tools, and dashboards. A critical stored cross-site scripting (XSS) vulnerability exists in the Table Widget (TableWidgetV2) because the React component rendering pipeline does not sufficiently sanitize HTML, allowing malicious attributes to be inserted into the Document Object Model (DOM). An attacker with a standard user account can use the "Invite Users" feature to cause a System Administrator's browser to call the privileged API endpoint '/api/v1/admin/env', leading to a full administrative account takeover.
Recommendations: Update to version 1.96 or later.

Exploit · Fix · LPE · XSS

Weakness Enumeration

Related Identifiers

BIT-APPSMITH-2026-30862
CVE-2026-30862
GHSA-5HW4-WHXV-6794

Affected Products

Appsmith