BIT-appsmith-2026-49979

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/appsmith/BIT-appsmith-2026-49979.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-appsmith-2026-49979
Aliases
Published
2026-06-30T23:35:48.224Z
Modified
2026-07-08T08:11:10.056621858Z
Summary
Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter
Details

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses WebClientUtils.IPCHECKFILTER, which only applies to Spring WebClient HTTP requests. Additionally, the raw MailException.getMessage() is returned verbatim in the API error response, enabling error-based internal port scanning and service banner enumeration. This vulnerability is fixed in 1.99.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:appsmith:appsmith:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / appsmith

Package

Name
appsmith
Purl
pkg:bitnami/appsmith

Severity

  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.99.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/appsmith/BIT-appsmith-2026-49979.json"