By vendor

Appsmith vulnerabilities

Known CVEs affecting Appsmith products, prioritized by severity, with SEC.co remediation and detection guidance.

1 published vulnerability

  • CVE-2026-7299MEDIUM 6.3

    Appsmith, a low-code application development platform, contains a stored cross-site scripting (XSS) vulnerability in its SQL query editor. An authenticated developer can craft malicious database object names (table or column names) that, when rendered by the autocomplete feature, inject and execute arbitrary JavaScript in the browsers of other workspace members. This is a *persistence* risk—the malicious payload lives in the database schema itself and activates whenever a colleague accesses the same data source, potentially compromising their sessions and Appsmith workspace access.