SSRF in Appsmithorg Appsmith
CVE-2026-49979
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connec…
Affected products
- Appsmithorg Appsmith — versions < 1.99
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)