{"data":{"id":"619486a8-efbf-4dd4-adf1-1b44b028b1cc","title":"CVE-2026-55412: ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI ","summary":"ToolJet, an open-source platform for building internal tools and AI agents, has an SSRF vulnerability (server-side request forgery, where an attacker tricks the server into making unintended HTTP requests) in versions before 3.20.178-lts. The RestAPI data source component validates only the hostname string, not the IP address it resolves to, so a hostname that passes the check but resolves to an internal address, such as 169.254.169.254.nip.io, lets attackers reach Azure IMDS (Azure Instance Metadata Service, which exposes sensitive cloud credentials) and steal authentication tokens for production systems.","solution":"Update ToolJet to version 3.20.178-lts or later, which contains the fix for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-55412","publishedAt":"2026-06-25T17:16:42.020Z","cveId":"CVE-2026-55412","cweIds":["CWE-918"],"cvssScore":"8.3","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ToolJet"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:42.020Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}