CVE-2026-7299 – CVE-2026-7299

CVE ID :CVE-2026-7299

Published : June 2, 2026, 4:16 p.m. | 16 minutes ago

Description :Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-49943 – CZ.NIC BIRD Internet Routing Daemon Stack-Based Buffer Overflow

CVE-2026-42074 – OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input

CVE-2026-42073 – OpenClaude’s MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

CVE-2026-40715 – Dell ThinOS Improper Access Control Privilege Escalation