CVE-2026-55454
🔴 Łataj teraz
Brak uwierzytelnienia w API Caddy w Appsmith umożliwia przejęcie konfiguracji proxy przez SSRF.
CVSS
9.9
EPSS
0.3%
Exploit
poc
Vendor
appsmith
Opis źródłowy (NVD)
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to the host by docker-compose.yml, it is reachable from the Appsmith server process itself or a SSRF vulnerability. An authenticated low-privileged user can therefore drive the SSRF to issue POST /load (or any other admin-API call) against http://0.0.0.0:2019/, fully replacing the live Caddy configuration and taking over the reverse proxy. This vulnerability is fixed in 2.1.
exploit ssrf
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.9 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.3% |
| Opublikowano (NVD) | 2026-06-24 22:16:49 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-26 19:50:41 UTC |
Referencje
- https://github.com/appsmithorg/appsmith/security/advisories/GHSA-8jvv-gwqg-6vjc (security-advisories@github.com) [Exploit, Third Party Advisory]