Impact
Appsmith versions prior to 2.1 expose the admin API of the bundled Caddy reverse proxy on 0.0.0.0:2019 inside the container, with no authentication by default. An authenticated user with low privileges who can reach that address, either through a Server-Side Request Forgery or from the local Appsmith process, can send POST /load or any other admin-API call to http://0.0.0.0:2019/ and fully replace the running Caddy configuration. This allows an attacker to reconfigure or take over the reverse proxy, potentially redirecting or intercepting traffic or directing it to malicious services, effectively enabling remote code execution or privilege escalation.
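As an added example (not Appsmith's or Caddy's own code), a small audit helper that reads Caddy's JSON configuration, the same document the admin endpoint loads and serves, and flags an admin listener bound beyond loopback; the sample config is constructed to reproduce the 0.0.0.0:2019 binding described above.

```python
"""Audit a Caddy JSON config for an admin API reachable beyond loopback.

Hypothetical helper, not part of Appsmith or Caddy. Only the top-level
"admin" object (Caddy's AdminConfig: "disabled", "listen") is inspected.
"""
import ipaddress
import json

# Caddy's documented default when "listen" is omitted from the admin object.
DEFAULT_ADMIN_LISTEN = "localhost:2019"


def listen_host(listen: str) -> str:
    """Return the host part of a Caddy network address ("[::1]:2019" -> "::1")."""
    if "/" in listen.split(":", 1)[0]:        # e.g. "unix//run/caddy-admin.sock"
        return "unix"
    host, _, _ = listen.rpartition(":")
    return host[1:-1] if host.startswith("[") and host.endswith("]") else host


def is_loopback_only(host: str) -> bool:
    """True if a listener on this host cannot be reached from other interfaces."""
    if host in ("unix", "localhost"):
        return True
    if host == "":                            # ":2019" binds every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                        # any other hostname: treat as exposed
        return False


def audit_admin_listener(config: dict) -> list:
    """Return human-readable findings; an empty list means no exposure was found."""
    admin = config.get("admin") or {}
    if admin.get("disabled"):                 # admin API switched off entirely
        return []
    listen = admin.get("listen") or DEFAULT_ADMIN_LISTEN
    host = listen_host(listen)
    if is_loopback_only(host):
        return []
    where = "all interfaces" if host in ("", "0.0.0.0", "::") else host
    return [f"admin API listens on {listen} ({where}), reachable from the container network"]


# Constructed sample mirroring the pre-2.1 state described above.
EXPOSED_CONFIG = json.loads('{"admin": {"listen": "0.0.0.0:2019"}, "apps": {}}')

if __name__ == "__main__":
    for finding in audit_admin_listener(EXPOSED_CONFIG) or ["no findings"]:
        print(finding)
```

Run it against the output of the admin endpoint's config export or the container's config file; a hardened deployment yields no findings.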
Affected Systems
All Appsmith deployments running an appsmithorg release older than 2.1 are affected, whether deployed with the default docker-compose setup or a similar one. The vulnerability lies in the Caddy reverse-proxy component bundled with Appsmith.
Risk and Exploitability
The flaw carries a CVSS score of 9.9, indicating critical severity. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog. However, an unauthenticated admin interface combined with the need for only a low-privileged authenticated user makes exploitation straightforward once an SSRF or local execution context is established. The attack vector is likely local to the Appsmith server process or via SSRF; it requires an authenticated session but no elevated privileges. Given the high severity and the ease of exploitation, organizations should treat this as an immediate threat.
OpenCVE Enrichment