Appsmith platform vulnerability allows attackers to manipulate Origin header values to redirect password reset and email verification links to attacker-controlled domains. The server fails to validate the Origin header before using it as the email link baseUrl. This leads to authentication token exposure and potential account takeover attacks. The vulnerability affects versions prior to 1.93 and has been patched in version 1.93. The attack vector exploits the email-based authentication flow by intercepting tokens meant for legitimate users.