Email Security Vulnerability in Appsmith Platform by Appsmith
CVE-2026-49979
5.1 MEDIUM
What is CVE-2026-49979?
The Appsmith platform, used for building internal tools and dashboards, had a vulnerability in the POST /api/v1/admin/send-test-email endpoint. Prior to version 1.99, this endpoint accepted user-controlled values for smtpHost and smtpPort, allowing attackers to make the server open unauthorized TCP connections without proper IP validation. The flaw bypassed essential IP verification and exposed sensitive error messages, which could be exploited for internal port scanning and to reveal information about services running on the target system.
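An added example, not Appsmith's code or its fix: one way to validate smtpHost and smtpPort before the server connects, rejecting any host that resolves to a non-public address and returning a single generic error. The function names, the port allow-list and the DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Assumptions (not from Appsmith): the port allow-list and all names below.
ALLOWED_SMTP_PORTS = {25, 465, 587, 2525}
GENERIC_ERROR = "Could not send test email with the supplied SMTP settings."

# Constructed DNS answers so the example runs offline.
CONSTRUCTED_DNS = {
    "mail.example.test": ["8.8.8.8"],                 # public address
    "internal.example.test": ["10.0.0.5"],            # RFC 1918
    "rebind.example.test": ["8.8.8.8", "127.0.0.1"],  # mixed answer set
}


class SmtpTargetRejected(ValueError):
    """Always carries GENERIC_ERROR so the response reveals nothing about the target."""


def system_resolver(host, port):
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def constructed_resolver(host, port):
    return CONSTRUCTED_DNS.get(host, [host])  # unknown names are treated as IP literals


def is_public(addr_text):
    ip = ipaddress.ip_address(addr_text.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:127.0.0.1 as 127.0.0.1
    return ip.is_global and not ip.is_multicast


def validate_smtp_target(host, port, resolver=system_resolver):
    """Return the (ip, port) to connect to, or raise SmtpTargetRejected."""
    try:
        port = int(port)
        if port not in ALLOWED_SMTP_PORTS:
            raise ValueError("port not on allow-list")
        addresses = resolver(host, port)
        # Every answer must be public; one internal address rejects the host.
        if not addresses or not all(is_public(a) for a in addresses):
            raise ValueError("host resolves to a non-public address")
    except (ValueError, TypeError, OSError) as exc:
        raise SmtpTargetRejected(GENERIC_ERROR) from exc  # detail stays server-side
    # Connect to this IP, not the hostname, so DNS cannot change after the check.
    return addresses[0], port
```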
Affected Version(s)
appsmith < 1.99
