top of page
perceptive_background_267k.jpg

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (Tab…

Published:

9 March 2026 at 23:00:00

Alert date:

10 March 2026 at 18:06:15

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

Critical Stored XSS vulnerability in Appsmith platform's Table Widget (TableWidgetV2) prior to version 1.96. The vulnerability stems from lack of HTML sanitization in React component rendering pipeline, allowing malicious DOM attribute interpolation. Attackers with regular user accounts can exploit the 'Invite Users' feature to force System Administrators to execute privileged API calls (/api/v1/admin/env), resulting in complete administrative account takeover. The vulnerability has been patched in version 1.96.

Technical details

Mitigation steps:

Affected products:

Appsmith

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-30862
https://github.com/appsmithorg/appsmith/security/advisories/GHSA-5hw4-whxv-6794

Related CVE's:

Related threat actors:

IOC's:

/api/v1/admin/env

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page