{"data":{"id":"e524599b-d495-481e-84d2-9521dd222891","title":"CVE-2026-55413: ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI ","summary":"ToolJet is an open-source platform for building internal tools and AI agents. Before version 3.20.178-lts, any authenticated user with a builder role could inject malicious JavaScript code into shared marketplace plugins, allowing them to execute commands on the server with full Node.js access (the ability to run any code the server can run). This malicious code would run whenever anyone on the system used that compromised plugin, compromising the entire ToolJet deployment.","solution":"Update ToolJet to version 3.20.178-lts or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-55413","publishedAt":"2026-06-25T17:16:42.200Z","cveId":"CVE-2026-55413","cweIds":["CWE-94"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["ToolJet"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:42.200Z","capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}