Is Clasp affected by EUVD-2026-12047?

CVE-2026-4092 is a high-severity remote code execution vulnerability in Clasp versions prior to 3.2.0 that allows attackers to execute arbitrary code by uploading malicious Google Apps Script projects.

EUVD-2026-12047

Q: How to fix EUVD-2026-12047?

Within 24 hours: Inventory all systems running Clasp and identify critical dependencies; disable Clasp functionality where operationally feasible. Within 7 days: Implement network segmentation to restrict Clasp processes from accessing sensitive systems; enable enhanced logging on Google Workspace and Google Apps Script execution; review recent Clasp project uploads for suspicious activity. Within 30 days: Establish a process to immediately deploy the vendor patch upon availability; conduct forensic analysis of historical Clasp usage for indicators of compromise.

| CVE-2026-4092 HIGH

2026-03-13 Google

GHSA-hqjg-pww4-pcgq

8.7

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

Analysis Generated

Mar 13, 2026 - 16:57 vuln.today

EUVD ID Assigned

Mar 13, 2026 - 16:57 euvd

EUVD-2026-12047

CVE Published

Mar 13, 2026 - 15:44 nvd

HIGH 8.7

Description

Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.

Analysis

Remote code execution in Clasp versions below 3.2.0 allows unauthenticated attackers to execute arbitrary code by uploading Google Apps Script projects with specially crafted filenames that exploit path traversal weaknesses. Public exploit code exists for this vulnerability, and no patch is currently available. …

Remediation

Within 24 hours: Inventory all systems running Clasp and identify critical dependencies; disable Clasp functionality where operationally feasible. Within 7 days: Implement network segmentation to restrict Clasp processes from accessing sensitive systems; enable enhanced logging on Google Workspace and Google Apps Script execution; review recent Clasp project uploads for suspicious activity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +1.0

CVSS: +44

POC: +20

EUVD-2026-12047 vulnerability details – vuln.today

Back

EUVD-2026-12047

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12047

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code