
Account hijacking likely with actively exploited critical Appsmith vulnerability

Infosecurity Magazine reports that threat actors have been actively exploiting a critical authentication flaw in the open-source low-code application platform Appsmith, tracked as CVE-2026-22794, to facilitate user account takeovers.

The flaw stems from Appsmith's password reset process: according to an analysis from Resecurity, an attacker-supplied value can be included in the password reset link, eventually exposing the reset token, which lets the attacker set a new password and access the account without triggering security alerts. Attackers could then use that access for user management, app manipulation, and compromise of connected business data.

Findings from a Shodan scan revealed that the U.S. accounted for most of the 1,666 internet-exposed Appsmith instances that could be impacted by potential exploitation of CVE-2026-22794. Organizations have been urged to immediately upgrade to Appsmith 1.93, which addresses the issue via more stringent Origin header validation and trusted base URL enforcement.
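The two fix elements the article names, Origin header validation and a trusted base URL, are easy to see side by side in code. The example below is added here and is not Appsmith's own code; the header names, the `/reset-password` path and the `TRUSTED_BASE_URL` value are assumptions. The weak builder derives the link's base from request headers, so whoever controls that header controls where the token is delivered; the hardened builder rejects an unexpected Origin and always uses the configured base.

```python
from typing import Optional
from urllib.parse import urlencode, urlsplit

# Constructed configuration: the single base URL this deployment trusts (assumed value).
TRUSTED_BASE_URL = "https://apps.example.internal"


def origin_is_trusted(origin: Optional[str], trusted_base_url: str = TRUSTED_BASE_URL) -> bool:
    """Accept an Origin only if scheme, host and port all match the trusted base URL exactly."""
    if not origin:
        return False
    got, want = urlsplit(origin), urlsplit(trusted_base_url)
    return (got.scheme, got.hostname, got.port) == (want.scheme, want.hostname, want.port)


def build_reset_link_weak(headers: dict, token: str) -> str:
    """Weak pattern (for contrast only): the link base is taken from request-controlled
    headers, so the reset token is sent wherever the Origin/Host value points."""
    base = headers.get("Origin") or "https://" + headers.get("Host", "")
    return f"{base}/reset-password?{urlencode({'token': token})}"


def build_reset_link(headers: dict, token: str, trusted_base_url: str = TRUSTED_BASE_URL) -> str:
    """Hardened pattern: validate the Origin against the trusted base URL, then build the
    link from the configured base and never from anything the request supplied."""
    if not origin_is_trusted(headers.get("Origin"), trusted_base_url):
        raise ValueError("untrusted Origin on password reset request")
    return f"{trusted_base_url.rstrip('/')}/reset-password?{urlencode({'token': token})}"
```

A rejected reset request is also a useful detection signal: log the offending Origin value rather than silently falling back to the request headers.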
