Critical Appsmith Vulnerability Enables Account Takeovers

Critical Appsmith Vulnerability Enables Account Takeovers

First seen 27 Jan 2026, 02:51 UTC Infosecurity-MagazineScworld 81% similarity 87.6

Article Content

Browse articles
ThreatCluster

A critical authentication vulnerability in the Appsmith low-code platform, tracked as CVE-2026-22794, has been exploited to facilitate user account takeovers. The flaw allows attackers to manipulate password reset links by abusing a client-controlled HTTP header, leading to full account compromise during the password reset process.

ThreatCluster AI

Community

Browse all →