
CISA issues guidance on Appsmith CVE-2026-7299 stored XSS fix

A stored cross-site scripting vulnerability in Appsmith affects the CodeMirror-based SQL query editor’s autocomplete renderer. The flaw can enable arbitrary JavaScript execution in a workspace member’s browser when SQL autocomplete is triggered, which can allow session hijacking, privilege escalation, or credential theft.

The issue is tracked as CVE-2026-7299. The SQL query editor’s autocomplete does not sanitize database object names before rendering them through innerHTML, so an authenticated user with the Developer role can plant a persistent XSS payload in a table or column name. The advisory describes the attack on a shared PostgreSQL datasource: the attacker creates database objects whose names carry JavaScript, and the payload then fires in the session of any other workspace member who uses the same datasource and triggers autocomplete. For example, when an administrator opens the SQL editor and types SELECT * FROM, the autocomplete list renders the malicious table name and the stored payload executes. Exploitation therefore requires an account with developer access. Version 2.1 of Appsmith fixes CVE-2026-7299.
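The following is an added illustration of the sink described above, not Appsmith’s code. It models an autocomplete renderer that builds list-item HTML from database object names: the unsafe version concatenates the raw name into markup destined for innerHTML, the hardened version HTML-escapes the name first (the standard mitigation, assumed here rather than taken from the actual fix), and a small audit helper flags object names that a practitioner should inspect on a shared datasource. The sample names are constructed; the one with markup stands in for a table created with a quoted identifier.

```javascript
// Constructed sample object names. PostgreSQL accepts almost any character
// inside a double-quoted identifier, so a Developer can create a table such
// as CREATE TABLE "users<img src=x onerror=alert(1)>" (...); the third entry
// is such a name. (Constructed data for this illustration.)
const SAMPLE_OBJECT_NAMES = [
  'users',
  'orders',
  'users<img src=x onerror=alert(1)>', // constructed malicious identifier
  'a"b',                               // benign but HTML-significant
];

// Vulnerable pattern: the raw name goes straight into markup that is later
// assigned to element.innerHTML, so any markup in the name becomes live DOM.
function renderHintsUnsafe(names) {
  return names.map((n) => `<li class="hint">${n}</li>`).join('');
}

// Escape the five HTML-significant characters so a name can only ever be
// text. In a real renderer, prefer document.createElement + textContent
// over building strings for innerHTML at all.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened renderer: same output shape, but the name is escaped first.
function renderHintsSafe(names) {
  return names.map((n) => `<li class="hint">${escapeHtml(n)}</li>`).join('');
}

// Audit helper for a shared datasource: given table/column names (for
// PostgreSQL, e.g. the result of SELECT table_name FROM information_schema.tables),
// return the ones that contain markup characters, inline event handlers or
// javascript: URLs. Hypothetical helper, not an Appsmith API.
function findSuspiciousNames(names) {
  return names.filter(
    (n) => /[<>&"']/.test(n) || /\bon\w+\s*=/i.test(n) || /javascript:/i.test(n),
  );
}

// Check used below: after stripping the renderer's own <li> wrappers, any
// remaining '<' means an object name opened a tag of its own.
function containsForeignTag(html) {
  return html.replace(/<\/?li\b[^>]*>/g, '').includes('<');
}

// Demonstration on the constructed names.
console.log('unsafe :', renderHintsUnsafe(SAMPLE_OBJECT_NAMES));
console.log('safe   :', renderHintsSafe(SAMPLE_OBJECT_NAMES));
console.log('review :', findSuspiciousNames(SAMPLE_OBJECT_NAMES));
console.log('unsafe output injects a tag?', containsForeignTag(renderHintsUnsafe(SAMPLE_OBJECT_NAMES)));
console.log('safe output injects a tag?  ', containsForeignTag(renderHintsSafe(SAMPLE_OBJECT_NAMES)));
```

The escaping is the minimum that makes the string safe for innerHTML in an element context; it does not make the value safe for attribute or URL contexts, which is why the comment recommends textContent-based construction in the real renderer. The audit regexes are deliberately broad: a false positive costs a glance at a table name, a false negative leaves a planted payload in place.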

Successful exploitation of CVE-2026-7299 results in arbitrary JavaScript execution in the browser of any workspace member who triggers SQL autocomplete against the affected datasource. The advisory lists the resulting impact as session hijacking, privilege escalation, or credential theft.

Version 2.1 of Appsmith fixes the vulnerability, and the stated guidance is to update installations as soon as possible. Because the payload lives in database object names rather than in Appsmith itself, updating removes the rendering sink but does not remove objects an attacker has already created; reviewing table and column names on shared datasources for embedded markup is a reasonable follow-up.

In short, the disclosure’s preconditions are an account with developer access and a datasource shared with other workspace members; the sink is the CodeMirror-based SQL editor’s autocomplete rendering unsanitized object names through innerHTML; and the victim is any other member who triggers autocomplete against that datasource and thereby runs the stored payload.