{"id":"CVE-2026-30862","summary":"Critical Stored XSS & Privilege Escalation in Appsmith","details":"Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget (TableWidgetV2). The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be interpolated into the DOM. By leveraging the \"Invite Users\" feature, an attacker with a regular user account (user@gmail.com) can force a System Administrator to execute a high-privileged API call (/api/v1/admin/env), resulting in a Full Administrative Account Takeover. This vulnerability is fixed in 1.96.","aliases":["BIT-appsmith-2026-30862","GHSA-5hw4-whxv-6794"],"modified":"2026-04-10T05:41:57.175549Z","published":"2026-03-09T22:26:11.163Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30862.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30862.json"},{"type":"ADVISORY","url":"https://github.com/appsmithorg/appsmith/security/advisories/GHSA-5hw4-whxv-6794"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30862"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/appsmithorg/appsmith","events":[{"introduced":"0"},{"fixed":"b207dbb84d4b985dd60ef5411c47d9bd8721fde9"}]}],"versions":["V1.22","v.1.6.23","v.1.6.25","v1.0","v1.0-beta.2","v1.0.1","v1.0.2","v1.1","v1.10","v1.11","v1.12","v1.13","v1.14","v1.15","v1.16","v1.17","v1.18","v1.19","v1.2","v1.2.1","v1.2.16","v1.2.2","v1.2.4","v1.20","v1.21","v1.22.1","v1.23","v1.24","v1.25","v1.26","v1.27","v1.28","v1.29","v1.30","v1.31","v1.32","v1.33","v1.34","v1.35","v1.36","v1.37","v1.38","v1.38.1","v1.39","v1.4.3","v1.4.4","v1.40","v1.41","v1.42","v1.43","v1.44","v1.45","v1.46","v1.47","v1.48","v1.49","v1.5.17","v1.50","v1.51","v1.52","v1.53","v1.54","v1.55","v1.56","v1.57","v1.58","v1.59","v1.6.10","v1.6.11","v1.6.12","v1.6.13","v1.6.14","v1.6.15","v1.6.16","v1.6.17","v1.6.18","v1.6.19","v1.6.20","v1.6.21","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.9","v1.60","v1.61","v1.62","v1.63","v1.64","v1.65","v1.66","v1.67","v1.68","v1.69","v1.7.0","v1.7.1","v1.7.10","v1.7.11","v1.7.12","v1.7.13","v1.7.14","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.70","v1.71","v1.72","v1.73","v1.74","v1.75","v1.76","v1.77","v1.78","v1.79","v1.8.0","v1.8.1","v1.8.10","v1.8.11","v1.8.12","v1.8.13","v1.8.14","v1.8.14.1","v1.8.15","v1.8.2","v1.8.3","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.8.8","v1.8.9","v1.80","v1.81","v1.82","v1.83","v1.84","v1.85","v1.86","v1.88","v1.89","v1.9.0","v1.9.1","v1.9.10","v1.9.11","v1.9.12","v1.9.13","v1.9.14","v1.9.15","v1.9.16","v1.9.17","v1.9.18","v1.9.19","v1.9.2","v1.9.20","v1.9.20.2","v1.9.20.3","v1.9.20.4","v1.9.21","v1.9.22","v1.9.23","v1.9.24","v1.9.25","v1.9.26","v1.9.27","v1.9.28","v1.9.29","v1.9.3","v1.9.3.1","v1.9.30","v1.9.31","v1.9.32","v1.9.33","v1.9.34","v1.9.35","v1.9.36","v1.9.37","v1.9.37.1","v1.9.38","v1.9.39","v1.9.4","v1.9.40","v1.9.41","v1.9.42","v1.9.43","v1.9.44","v1.9.45","v1.9.46","v1.9.47","v1.9.48","v1.9.49","v1.9.5","v1.9.50","v1.9.51","v1.9.52","v1.9.53","v1.9.54","v1.9.55","v1.9.56","v1.9.57","v1.9.58","v1.9.6","v1.9.60","v1.9.61","v1.9.7","v1.9.8","v1.9.9","v1.90","v1.91","v1.92","v1.93","v1.94","v1.95"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30862.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}]}