Email Security Vulnerability in Appsmith Platform by Appsmith
CVE-2026-49979

5.1 MEDIUM

Key Information:

CVE Published: 24 June 2026

What is CVE-2026-49979?

The Appsmith platform, used for building internal tools and dashboards, had a vulnerability in the POST /api/v1/admin/send-test-email endpoint. Prior to version 1.99, this endpoint accepted user-controlled values for smtpHost and smtpPort, allowing attackers to establish unauthorized TCP connections without proper IP validation. This bypassed IP verification and exposed sensitive error messages, which could be exploited for internal port scanning and to reveal information about services running on the target system.
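A destination check of the kind the description says was missing, as an added example (not Appsmith's code or its fix): it resolves the SMTP host once, rejects non-public addresses and unexpected ports, and answers every failure with one generic message. The names vet_smtp_target, is_public_ip, ALLOWED_PORTS and GENERIC_ERROR, and the port list itself, are assumptions.

```python
import ipaddress
import socket

# Assumption: one uniform message for every failure, so a response never
# distinguishes "port closed" from "blocked" or echoes a service banner.
GENERIC_ERROR = "Unable to send test email with the supplied SMTP settings."
# Assumption: ports an SMTP relay plausibly listens on; adjust per deployment.
ALLOWED_PORTS = {25, 465, 587, 2525}


class SmtpTargetRejected(Exception):
    """Carries GENERIC_ERROR only; details belong in server-side logs."""


def system_resolve(host, port):
    """Resolve host to a list of IP strings with the system resolver."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public_ip(addr):
    """True only for globally routable unicast addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def vet_smtp_target(host, port, resolve=system_resolve):
    """Return the vetted IPs to connect to, or raise SmtpTargetRejected."""
    if not isinstance(port, int) or port not in ALLOWED_PORTS:
        raise SmtpTargetRejected(GENERIC_ERROR)
    try:
        addrs = resolve(host, port)
    except (OSError, UnicodeError):
        raise SmtpTargetRejected(GENERIC_ERROR) from None
    # Reject if ANY answer is internal: loopback, RFC 1918, link-local
    # (including 169.254.169.254), CGNAT and reserved ranges all fail here.
    if not addrs or not all(is_public_ip(a) for a in addrs):
        raise SmtpTargetRejected(GENERIC_ERROR)
    # The caller must connect to these IPs rather than re-resolving the name,
    # otherwise a second DNS answer can point somewhere that was never vetted.
    return addrs
```

The resolve parameter exists so the check can be exercised offline with constructed DNS answers; in service it defaults to the system resolver.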

Affected Version(s)

appsmith < 1.99

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
