NVD CRITICAL: CVE-2026-55455 — Appsmith is a platform to build admin panels, internal tools, and dashboards. Pr...
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by the REST API and GraphQL datasource plugins) validates hosts against an exact-match string denylist. The comprehensive address-class check (loopback, any-local, link-local, fc00::/7) exists only on a separate code path used by SMTP, not by the
CVE-2026-55455