A vulnerability was identified in appsmithorg appsmith up to 1.97. The affected function is computeDisallowedHosts in the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the Dashboard component. Manipulation of this function leads to server-side request forgery. The attack may be launched remotely. An exploit is publicly available and might be used. Upgrading the affected component to version 1.99 is recommended to address this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVE-2026-5418 is a Server-Side Request Forgery (SSRF) vulnerability in Appsmith versions up to 1.97 affecting the Dashboard component's host validation logic. The vulnerability allows remote attackers to bypass security controls and make unauthorized requests to internal resources.
An SSRF vulnerability in Appsmith affects versions up to 1.97 in the computeDisallowedHosts function. The vulnerability allows attackers to bypass host validation and reach internal resources. A fix was released in version 1.99.
A Server-Side Request Forgery vulnerability exists in Appsmith up to version 1.97 in the computeDisallowedHosts function. This allows remote attackers to bypass host restrictions and access internal resources through the Dashboard component.
Upgrade Appsmith to version 1.99 or later immediately. If immediate upgrade is not possible, implement network segmentation to restrict outbound connections from the Appsmith server to only necessary internal resources. Review and audit recent Dashboard activity logs for suspicious requests.
Upgrade Appsmith to version 1.99 or later immediately. If an immediate upgrade is not possible, implement network segmentation to restrict outbound connections from the Appsmith server. Review and audit recent Dashboard activity logs for suspicious requests.
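As an added example (not Appsmith's code and not a reconstruction of computeDisallowedHosts), a fail-closed host check of the kind such a function provides: it resolves the host, applies the IPv4 rules to IPv4-mapped IPv6 answers, and refuses the host if any answer is internal. SAMPLE_DNS and resolve_sample are constructed stand-ins for DNS so the example runs offline; resolve_system is what a deployment would pass.

```python
import ipaddress
import socket
from typing import Callable

# Constructed stand-in for DNS so the example runs offline; a deployment
# passes resolve_system instead. Names and addresses are sample values.
SAMPLE_DNS = {
    "api.example.com": ["8.8.8.8"],                  # public only
    "linklocal.example.com": ["169.254.10.20"],      # link-local
    "split.example.com": ["8.8.8.8", "10.0.0.5"],    # public AND private
    "v6mapped.example.com": ["::ffff:10.1.2.3"],     # IPv4-mapped IPv6
}

def resolve_sample(host: str) -> list[str]:
    """Offline resolver: literals answer themselves, names use SAMPLE_DNS."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        # Shorthand literals such as "127.1" are not parsed by ipaddress and
        # fall through to the table, where an unknown name yields no answer.
        return SAMPLE_DNS.get(host, [])

def resolve_system(host: str) -> list[str]:
    """Resolve with the OS resolver, keeping every A and AAAA answer."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def is_disallowed_address(addr: str) -> bool:
    """True for any address the server must never reach on a user's behalf."""
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so the IPv4 rules apply to the embedded address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (not ip.is_global or ip.is_private or ip.is_loopback
            or ip.is_link_local or ip.is_multicast or ip.is_reserved
            or ip.is_unspecified)

def is_disallowed_host(host: str,
                       resolver: Callable[[str], list[str]] = resolve_system) -> bool:
    """Fail closed: refuse the host if it does not resolve or if ANY answer is
    internal; checking only the first answer lets split records slip through."""
    host = host.strip().strip("[]").lower()   # accept the [::1] literal form
    try:
        addrs = resolver(host)
    except (socket.gaierror, ValueError):
        return True
    return not addrs or any(is_disallowed_address(a) for a in addrs)
```

The check validates addresses at call time, so the HTTP client must connect to the validated address (or re-check after every redirect and re-resolution); otherwise a DNS answer that changes between check and connect bypasses it.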