Description

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (TableWidgetV2). The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be interpolated into the DOM. By leveraging the "Invite Users" feature, an attacker with a regular user account ([email protected]) can force a System Administrator to execute a high-privileged API call (/api/v1/admin/env), resulting in a Full Administrative Account Takeover. This vulnerability is fixed in 1.96.

INFO

Published Date :

2026-03-09T22:26:11.163Z

Last Modified :

2026-03-10T14:19:20.885Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-30862 vulnerability.

Vendors Products
Appsmith
  • Appsmith
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30862.

URL Resource
https://github.com/appsmithorg/appsmith/security/advisories/GHSA-5hw4-whxv-6794 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact