{"data":{"id":"a66590ef-6734-4dba-9eea-52b29633e14e","title":"CVE-2026-55411: ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI ","summary":"ToolJet, an open-source platform for building internal tools and AI agents, had a security flaw in versions before 3.20.1780-lts: an authenticated endpoint (POST /api/data-sources/decrypt) would decrypt sensitive database credentials belonging to any organization for a caller who knew the credential ID, even if that caller was not a member of that organization. This is a cross-tenant confidentiality breach (unauthorized access to another organization's secrets) because the endpoint lacked the authorization checks that other similar endpoints had.","solution":"Update ToolJet to version 3.20.1780-lts or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-55411","publishedAt":"2026-06-25T17:16:41.823Z","cveId":"CVE-2026-55411","cweIds":["CWE-639","CWE-863"],"cvssScore":"6.8","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ToolJet"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","attackVector":"adjacent","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:41.823Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}