Appsmith vs Workato
Side-by-side trajectory, velocity, and editorial themes.
Appsmith spent six months in a sustained security-patch cycle, capped by a release with 15+ named advisories.
Appsmith's recent release stream is dominated by security work. v1.99 alone landed roughly fifteen security-tagged fixes — multiple named GHSAs (super-user race condition, SSRF via send-test-email, OAuth2 callback ACL bypass, application snapshot delete permission, expanded metadata denylist), critical CVE patches (CVE-2025-70952, CVE-2026-33937 in handlebars, CVE-2026-22732 around Spring Security headers), AQL injection prevention in the ArangoDB plugin, and several reflected XSS and email-normalization fixes. The same pattern repeats in v1.98 (SQL injection in UQI filters, simple-git critical CVE), v1.96 (arbitrary file write outside repo scope, OS command injection in in-memory Git, XSS in Table HTML cells), and earlier. Feature work continues alongside but at a much smaller volume — Redis TLS, BetterBugs SDK, Favorite Applications V2, Helm extraVolumes.
The arc is clear: Appsmith is absorbing the output of what looks like a sustained external audit (or several converging ones) and using minor releases as the patch vehicle. The diversity of vuln classes across the ArangoDB plugin, Spring Security headers, OAuth2 callback, in-memory Git, snapshot deletion permissions, and metadata denylist points to a broad-surface review rather than a single component. Feature work isn't stalled, but it's clearly running second to the security queue.
Expect at least one or two more 1.9x releases to keep landing security patches before a 2.0 line emerges. Watch for a release that bundles fewer security items than features — that's the signal the audit cycle has caught up. Likely product-side bets are continued data-source TLS coverage and more granular permission scoping (the GHSAs around snapshots and OAuth2 lookup suggest the permission model is being tightened systematically).
Workato is becoming the MCP-server vendor for enterprise SaaS — agents call Workato, Workato calls everything else.
Workato's release stream centers on two simultaneous bets. First, a fast cadence of MCP Servers — Dropbox, Freshdesk, Excel, OneDrive, ZoomInfo, Outlook Contacts, and more — turning Workato's connector library into a uniform MCP-accessible surface for agent tools. Second, enterprise control-plane work: RBAC 2.0 with environment- and project-scoped roles, an API Edge Gateway that runs inside the customer's own infrastructure, Developer Portal SSO, and a new China data center for in-region data residency. Community and platform connector updates continue at monthly cadence underneath.
Workato is positioning itself as the integration substrate that agents talk to, not just the iPaaS that humans configure. The MCP server cadence is the clearest signal: every connector that ships as MCP makes Workato a default tool provider for any agent framework, while the connector library itself becomes a moat. In parallel, the enterprise control-plane work — edge gateway, RBAC 2.0, China DC — is plainly aimed at regulated-industry deals where AI-driven integration is otherwise gated by compliance.
Expect MCP coverage to widen across the remaining marquee SaaS connectors (Salesforce, ServiceNow, Workday in MCP form) and a formal 'Workato as agent backbone' positioning at the next user conference. The Edge Gateway is likely to spawn an Edge-deployable MCP runtime as the natural next step for regulated buyers.