CVE-2026-5418 | appsmithorg appsmith up to 1.97 Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery (GHSA-9m89-5jw7-q5cr)

A vulnerability labeled as critical has been found in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2026-5418. The attack may be launched remotely. Furthermore, there is an exploit available.

The affected component should be upgraded.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-5418 | appsmithorg appsmith up to 1.97 Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery (GHSA-9m89-5jw7-q5cr)

Post correlati

CVE-2025-1337 | Eastnets PaymentSafe 2.5.26.0 BIC Search cross site scripting

CVE-2020-7760 | Oracle Utilties Application Framework 4.3.0.3.0/4.3.0.6.0/4.4.0.0.0/4.4.0.2.0/4.4.0.3.0 User Interface denial of service

CVE-2026-32600 | simplesamlphp xml-security up to 2.3.0 integrity check

CVE-2024-49646 | ioannup Code Generate Plugin up to 1.0 on WordPress cross site scripting