PT-2026-29873 · Appsmithorg · Appsmith
Executio
Published: 2026-04-02 · Updated: 2026-04-03
CVE-2026-5418
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
appsmithorg appsmith versions up to 1.97
Description
A server-side request forgery (SSRF) vulnerability exists in the computeDisallowedHosts function in the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the Dashboard component, and can be triggered through manipulation of that function. This issue can be exploited remotely.
Recommendations
Upgrade to version 1.99 or later.
Exploit
Fix
SSRF
Affected Products
Appsmith