Skip to main content

ToolJet CVE-2026-55412

| EUVDEUVD-2026-39469 HIGH
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-25 GitHub_M
8.3
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
vuln.today AI
8.5 HIGH

Network-reachable and low-complexity, but requires an authenticated account (PR:L); scope changes as the SSRF pivots to Azure IMDS, and stolen cloud tokens make confidentiality High.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Patch available
Jun 25, 2026 - 18:03 EUVD
Analysis Generated
Jun 25, 2026 - 17:18 vuln.today
CVE Published
Jun 25, 2026 - 16:07 cve.org
HIGH 8.3

DescriptionCVE.org

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only checks the hostname string - not the resolved IP. DNS names like 169.254.169.254.nip.io resolve to the Azure IMDS link-local address and bypass the filter entirely. This allows any authenticated user (free tier) to steal Azure managed identity tokens for the AKS production cluster. This vulnerability is fixed in 3.20.178-lts.

AnalysisAI

Server-side request forgery in ToolJet's RestAPI data source (versions prior to 3.20.178-lts) allows a low-privileged platform user to reach internal network endpoints because the private-IP filter validates only the hostname string rather than the resolved IP. By supplying a DNS name such as 169.254.169.254.nip.io, an attacker bypasses the filter and forces the server to query the Azure IMDS link-local endpoint, enabling theft of managed-identity tokens for the backing AKS production cluster. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as free-tier user
Delivery
Create RestAPI data source to 169.254.169.254.nip.io
Exploit
Bypass hostname-only IP filter
Execution
Server queries Azure IMDS
Persist
Exfiltrate managed-identity token
Impact
Pivot into AKS production cluster

Vulnerability AssessmentAI

Exploitation Requires an authenticated ToolJet account (the advisory states any free-tier user suffices) with the ability to create or edit a RestAPI data source, and a target deployment whose server can reach a cloud metadata endpoint - concretely demonstrated against Azure IMDS at 169.254.169.254 in an AKS-hosted instance with an attached managed identity. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed but lean toward a genuine priority for ToolJet operators running in Azure/AKS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated free-tier ToolJet user creates a RestAPI data source pointing at http://169.254.169.254.nip.io/metadata/identity/oauth2/token (with the IMDS-required header), which resolves to the Azure link-local metadata address and slips past the hostname-only private-IP filter. ToolJet's server issues the request and returns the managed-identity access token to the attacker, who then uses it to authenticate to Azure and pivot into the AKS production cluster. …
Remediation Upgrade to ToolJet 3.20.178-lts, which contains the fix, per advisory GHSA-h49f-mhmm-jx4w (https://github.com/ToolJet/ToolJet/security/advisories/GHSA-h49f-mhmm-jx4w). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all ToolJet instances and their current versions using deployment inventories; implement network-level restrictions blocking RestAPI data source outbound access to 169.254.169.254 and *.nip.io domains. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2022-3019 HIGH POC
8.8 Aug 29

The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that w

CVE-2022-2631 HIGH POC
8.8 Aug 02

Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. Rated high severity (CVSS 8.8), this vuln

CVE-2022-23067 HIGH POC
8.8 May 18

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . Ra

CVE-2022-2037 HIGH POC
8.0 Jun 09

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. Rated high severity (CVSS 8.0), this vul

CVE-2022-27978 HIGH POC
7.5 Apr 26

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a

CVE-2022-3422 HIGH POC
7.5 Oct 07

Account Takeover :: when see the info i can see the hash pass i can creaked it ............... Rated high severity (CVSS

CVE-2022-4111 MEDIUM POC
6.5 Nov 22

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile

CVE-2022-27979 MEDIUM POC
5.4 Apr 26

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML v

CVE-2026-55413 CRITICAL
9.4 Jun 25

Stored code injection in ToolJet self-hosted (prior to 3.20.178-lts) lets any authenticated builder-role user - availabl

CVE-2022-23068 MEDIUM POC
5.4 May 18

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside t

CVE-2022-3348 MEDIUM POC
4.9 Sep 28

Just like in the previous report, an attacker could steal the account of different users. Rated medium severity (CVSS 4.

CVE-2026-55411 MEDIUM
6.8 Jun 25

Cross-tenant credential decryption in ToolJet prior to 3.20.1780-lts allows any authenticated user to retrieve plaintext

Share

CVE-2026-55412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy