CVE-2026-30862

{"id": "CVE-2026-30862", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2026-03-10T17:40:14.123", "references": [{"url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-5hw4-whxv-6794", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/appsmithorg/appsmith/security/advisories/GHSA-5hw4-whxv-6794", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (TableWidgetV2). The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be interpolated into the DOM. By leveraging the \"Invite Users\" feature, an attacker with a regular user account (user@gmail.com) can force a System Administrator to execute a high-privileged API call (/api/v1/admin/env), resulting in a Full Administrative Account Takeover. This vulnerability is fixed in 1.96."}, {"lang": "es", "value": "Appsmith es una plataforma para construir paneles de administraci\u00f3n, herramientas internas y cuadros de mando. Anterior a la 1.96, existe una vulnerabilidad XSS Almacenado Cr\u00edtica en el Widget de Tabla (TableWidgetV2). La causa ra\u00edz es una falta de saneamiento de HTML en el pipeline de renderizado de componentes de React, permitiendo que atributos maliciosos sean interpolados en el DOM. Aprovechando la caracter\u00edstica 'Invitar Usuarios', un atacante con una cuenta de usuario regular (user@gmail.com) puede forzar a un Administrador del Sistema a ejecutar una llamada a la API con altos privilegios (/api/v1/admin/env), resultando en una Toma de Control Completa de la Cuenta Administrativa. Esta vulnerabilidad est\u00e1 corregida en la 1.96."}], "lastModified": "2026-03-13T15:34:16.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB36CCD5-B655-45E3-97B3-FC5FC2B79B6B", "versionEndExcluding": "1.96"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}