CVE 9.7 CRITICAL

Account Takeover Vulnerability in Appsmith_CVE-2026-22794

January 12, 2026 invoker category_cve

9.7 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker’s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.

AI Analysis

Account takeover vulnerability due to unvalidated Origin value in request headers

Basic Information

ID CVE-2026-22794

Source GitHub_M

Published Jan 12, 2026 at 21:54

Affected Product

Vendor appsmithorg

Product appsmith

Version < 1.93

Affected Versions appsmithorg appsmith < 1.93

CWE Classification

CWE-346

AI Assessment

AI Score 9.7 / 10

AI Severity Critical

Vendor Appsmith

Product Appsmith

Version < 1.93

References

{
    "lastseen": "",
    "description": "Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email link baseUrl without validation. If an attacker controls the Origin, password reset / email verification links in emails can be generated pointing to the attacker\u2019s domain, causing authentication tokens to be exposed and potentially leading to account takeover. This vulnerability is fixed in 1.93.",
    "published": "2026-01-12T21:54:52.803Z",
    "modified": "2026-01-12T21:54:52.803Z",
    "type": "cve",
    "title": "Account Takeover Vulnerability in Appsmith",
    "source": "GitHub_M",
    "references": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-7hf5-mc28-xmcv\nhttps://github.com/appsmithorg/appsmith/commit/6f9ee6226bac13fb4b836940b557913fff78b633",
    "id": "CVE-2026-22794",
    "bulletinFamily": "",
    "cwe": [
        "CWE-346"
    ],
    "cvelist": null,
    "sourceData": "appsmithorg appsmith < 1.93",
    "sourceHref": "",
    "cvss": {
        "score": 9.7,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "appsmith",
    "version": "< 1.93",
    "vendor": "appsmithorg",
    "ai_description": "Account takeover vulnerability due to unvalidated Origin value in request headers",
    "ai_severity": "Critical",
    "ai_vendor": "Appsmith",
    "ai_product": "Appsmith",
    "ai_version": "< 1.93",
    "ai_score": 9.7
}

💭 Join the Security Discussion ❌ Cancel Reply