Impact
Appsmith's bundled supervisord exposes an XML-RPC interface that, in versions prior to 2.1, is reachable from outside the container through a Caddy reverse-proxy route at /supervisor/* on the public ingress. The supervisory password (APPSMITH_SUPERVISOR_PASSWORD) can be retrieved through the API endpoint GET /api/v1/admin/env. An authenticated administrator can use that credential to send arbitrary XML-RPC calls to supervisord, for example twiddler.addProgramToGroup, which results in arbitrary OS command execution inside the Docker container. In effect, the flaw lets an authenticated administrator escalate to full compromise of the container; it is cataloged as CWE-183 and CWE-918.
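Because the dangerous path in this advisory runs through the public ingress, the cheapest detection signal is the reverse-proxy access log: any request for /supervisor/* arriving at the public edge is suspect, and a successful POST there shortly after the same client fetched /api/v1/admin/env matches the sequence described above. The following detector is an added example written for this page, not code from the advisory, OpenCVE or the Appsmith project. It assumes Caddy's default JSON access-log shape (logger `http.log.access`, `ts` as Unix seconds, `request.remote_ip`, `request.method`, `request.uri`, `status`); the log lines, IP addresses, hostnames and the `/supervisor/RPC2` path are constructed sample data.

```python
"""Flag ingress requests to the supervisord route (/supervisor/*) in Caddy JSON access logs
and correlate them with reads of the endpoint that discloses the supervisor password."""
import json
from dataclasses import dataclass
from typing import Iterable, List

SUPERVISOR_PREFIX = "/supervisor/"      # proxied supervisord route named in the advisory
ADMIN_ENV_PATH = "/api/v1/admin/env"    # endpoint that returns APPSMITH_SUPERVISOR_PASSWORD

# Constructed sample log lines in Caddy's JSON access-log format (not real traffic).
SAMPLE_LOG = """
{"level":"info","ts":1700000000.1,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.7","method":"GET","host":"appsmith.example.test","uri":"/app/home"},"status":200}
{"level":"info","ts":1700000001.2,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.7","method":"GET","host":"appsmith.example.test","uri":"/api/v1/admin/env"},"status":200}
{"level":"info","ts":1700000002.3,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.7","method":"POST","host":"appsmith.example.test","uri":"/supervisor/RPC2"},"status":200}
{"level":"info","ts":1700000003.4,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"203.0.113.9","method":"GET","host":"appsmith.example.test","uri":"/supervisor/"},"status":401}
not json at all
"""


@dataclass
class Finding:
    ts: float
    remote_ip: str
    method: str
    uri: str
    status: int
    severity: str
    reason: str


def _path_of(uri: str) -> str:
    """Strip the query string so prefix checks see only the path."""
    return uri.split("?", 1)[0]


def parse_caddy_access_log(text: str) -> List[dict]:
    """Parse newline-delimited Caddy access-log records; blank and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("logger") == "http.log.access" and isinstance(rec.get("request"), dict):
            events.append(rec)
    return events


def find_supervisor_requests(events: Iterable[dict]) -> List[Finding]:
    """One finding per request under /supervisor/*, graded by whether the proxy served it."""
    findings = []
    for rec in events:
        req = rec["request"]
        uri = req.get("uri", "")
        path = _path_of(uri)
        if not (path.startswith(SUPERVISOR_PREFIX) or path == SUPERVISOR_PREFIX.rstrip("/")):
            continue
        status = int(rec.get("status", 0))
        method = req.get("method", "")
        if method == "POST" and 200 <= status < 300:
            severity, reason = "critical", "XML-RPC call to supervisord served via public ingress"
        elif 200 <= status < 300:
            severity, reason = "high", "supervisord route is reachable via public ingress"
        else:
            severity, reason = "medium", "request to supervisord route rejected (status %d)" % status
        findings.append(Finding(float(rec.get("ts", 0)), req.get("remote_ip", "?"),
                                method, uri, status, severity, reason))
    return findings


def correlate_env_then_supervisor(events: Iterable[dict], window_seconds: float = 600.0) -> List[str]:
    """Return client IPs that read /api/v1/admin/env and then hit /supervisor/* within the window.
    That ordering matches the credential-retrieval-then-RPC sequence the advisory describes."""
    env_reads = {}   # ip -> timestamp of first successful admin env read
    hits: List[str] = []
    for rec in sorted(events, key=lambda r: float(r.get("ts", 0))):
        req = rec["request"]
        ip = req.get("remote_ip", "?")
        path = _path_of(req.get("uri", ""))
        ts = float(rec.get("ts", 0))
        if path == ADMIN_ENV_PATH and 200 <= int(rec.get("status", 0)) < 300:
            env_reads.setdefault(ip, ts)
        elif path.startswith(SUPERVISOR_PREFIX) and ip in env_reads \
                and ts - env_reads[ip] <= window_seconds and ip not in hits:
            hits.append(ip)
    return hits


if __name__ == "__main__":
    evts = parse_caddy_access_log(SAMPLE_LOG)
    for f in find_supervisor_requests(evts):
        print(f"[{f.severity}] {f.remote_ip} {f.method} {f.uri} -> {f.status}: {f.reason}")
    print("env-then-supervisor sequence from:", correlate_env_then_supervisor(evts))
```

On a patched (2.1+) deployment the /supervisor/* route should produce no findings at all, so any `high` or `critical` entry is a strong indicator that the ingress is still proxying supervisord; the correlation list is the tighter alert to page on, since an administrator legitimately reading the environment page does not normally follow it with traffic to the supervisord route.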
Affected Systems
The flaw affects installations of Appsmith (vendor: Appsmith Org) prior to version 2.1. Any deployment that has not applied the 2.1 release retains the exposed supervisord interface and the publicly viewable supervisory password.
Risk and Exploitability
With a CVSS score of 8.9, the vulnerability carries high impact. Exploitation requires a valid administrator account and network access to the /supervisor route on the public ingress; once both are in hand, an attacker can execute shell commands inside the container. No publicly available exploit code is known and the entry is not listed in CISA KEV, but no countermeasure other than the fix release has been publicly disclosed, and the authentication requirement only narrows the attacker pool to holders of admin credentials, so the risk remains significant for exposed deployments. The EPSS metric is not available, leaving the likelihood of exploitation uncertain but warranting proactive remediation.
OpenCVE Enrichment