
Critical Authentication Flaw in Appsmith Enables Account Takeovers

1 unique source, 1 article

Summary


A critical authentication vulnerability (CVE-2026-22794) in Appsmith's low-code platform allows attackers to manipulate password reset links by abusing the HTTP Origin header. Because the reset token is embedded in a link whose host comes from the attacker, a full account takeover follows. The vulnerability affects Appsmith versions 1.x, with 1666 publicly accessible instances identified as vulnerable. The flaw sits in the password reset process: the platform builds the reset link from the client-supplied Origin header without validating it, so a forged Origin redirects the token to an attacker-controlled domain. An attacker who receives the token can set a new password and gain unauthorized access to the victim's account. The vulnerable endpoint returns the same success response regardless of the Origin supplied, which helps conceal the abuse. Given Appsmith's use in building internal tools connected to sensitive databases and APIs, the impact of this vulnerability is particularly severe.
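As an added illustration, not Appsmith's own code (the page shows none): the vulnerable pattern of deriving the reset link's host from the request's Origin header, beside a hardened builder that only ever uses an operator-configured base URL, plus a check a defender can run over request headers to flag reset requests carrying a foreign Origin. The base URL, reset path and token are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed placeholder: the public base URL an operator configures for the
# deployment (assumed setting; the real Appsmith configuration key is not on the page).
CONFIGURED_BASE_URL = "https://appsmith.internal.example"
# Assumed reset path, used only so both builders produce comparable links.
RESET_PATH = "/user/resetPassword"


def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """Pattern described in the advisory: the host of the e-mailed link is
    taken from the request's Origin header, so whoever sends the reset
    request chooses where the token is delivered."""
    origin = headers.get("Origin", CONFIGURED_BASE_URL)
    return f"{origin}{RESET_PATH}?token={token}"


def build_reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened form: request headers never influence the link host.
    The headers argument is accepted only to keep the signature identical."""
    return f"{CONFIGURED_BASE_URL}{RESET_PATH}?token={token}"


def origin_matches_base(origin: str) -> bool:
    """Exact scheme/host/port comparison against the configured base URL.
    Substring or prefix checks would accept look-alike hosts, so compare parts."""
    o, b = urlsplit(origin), urlsplit(CONFIGURED_BASE_URL)
    return (o.scheme, o.hostname, o.port) == (b.scheme, b.hostname, b.port) \
        and o.path in ("", "/")


def flag_foreign_origin(headers: dict) -> bool:
    """Detection aid: True when a reset request carries an Origin that does not
    match the deployment's base URL. Worth logging on unpatched 1.x instances,
    since the endpoint's success response alone reveals nothing."""
    origin = headers.get("Origin")
    return origin is not None and not origin_matches_base(origin)


def reset_link_host(link: str) -> str:
    """Hostname the token would be sent to, for inspection and tests."""
    return urlsplit(link).hostname or ""
```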

Timeline

  1. 22.01.2026 18:00 1 article · 23h ago

    Critical Authentication Flaw in Appsmith Enables Account Takeovers

Information Snippets

  • CVE-2026-22794 is a critical authentication flaw in Appsmith's password reset process.

    First reported: 22.01.2026 18:00
    1 source, 1 article
  • Attackers can manipulate the HTTP Origin header to redirect password reset links to attacker-controlled domains.

    First reported: 22.01.2026 18:00
    1 source, 1 article
  • The vulnerability allows full account takeovers by intercepting reset tokens and setting new passwords.

    First reported: 22.01.2026 18:00
    1 source, 1 article
  • The vulnerable endpoint always returns a successful response, aiding in concealing abuse.

    First reported: 22.01.2026 18:00
    1 source, 1 article
  • 1666 publicly accessible Appsmith instances are vulnerable, many running versions up to 1.92.

    First reported: 22.01.2026 18:00
    1 source, 1 article
  • Appsmith versions 2.x are not affected by this vulnerability.

    First reported: 22.01.2026 18:00
    1 source, 1 article