Description
ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only checks the hostname string — not the resolved IP. DNS names like 169.254.169.254.nip.io resolve to the Azure IMDS link-local address and bypass the filter entirely. This allows any authenticated user (free tier) to steal Azure managed identity tokens for the AKS production cluster. This vulnerability is fixed in 3.20.178-lts.
Published: 2026-06-25
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a Server‑Side Request Forgery (SSRF) in ToolJet's RestAPI data source. The component executes HTTP requests on the server side and only validates the hostname string when filtering private IP addresses. Names such as 169.254.169.254.nip.io resolve to Azure's Instance Metadata Service address, allowing the filter to be bypassed. An attacker who is authenticated to ToolJet, including free‑tier users, can send a crafted request that retrieves the Azure managed identity token used by the application’s AKS cluster. Possessing that token can lead to unauthorized access to Azure resources and potentially broader system compromise. The weakness is identified as CWE‑918.
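The filter defect described above beside the check that closes it, as an added example (not ToolJet's code): the weak filter inspects only the hostname string, while the hardened version resolves the name and vets every returned address. The DNS table, the `api.example.com` and `v6-mapped.example.com` names, and the `1.2.3.4` "public" address are constructed so the example runs offline.

```python
import ipaddress
import socket
from typing import Callable, List, Union

IPAddr = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
Resolver = Callable[[str], List[str]]

def is_disallowed(ip: IPAddr) -> bool:
    """Addresses a server-side request filter must never connect to."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still IMDS
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def hostname_string_filter(host: str) -> bool:
    """Flawed pattern from the advisory: only an IP literal is checked, so a
    DNS name such as 169.254.169.254.nip.io passes without being resolved."""
    try:
        return not is_disallowed(ipaddress.ip_address(host))
    except ValueError:
        return True  # not an IP literal: allowed unconditionally

def system_resolver(host: str) -> List[str]:
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def vet_destination(host: str, resolver: Resolver = system_resolver) -> List[str]:
    """Resolve host; return its addresses only if every one is allowed ([] = block).
    Connect to a returned address instead of re-resolving, so a DNS-rebinding race
    between this check and the request cannot swap in a private address."""
    try:
        addrs = [ipaddress.ip_address(a.split("%")[0]) for a in resolver(host)]
    except (OSError, ValueError):
        return []  # fail closed on resolution errors
    if not addrs or any(is_disallowed(ip) for ip in addrs):
        return []
    return [str(ip) for ip in addrs]

# Constructed DNS table so the example runs offline; 1.2.3.4 is a placeholder public address.
CONSTRUCTED_DNS = {
    "169.254.169.254.nip.io": ["169.254.169.254"],
    "v6-mapped.example.com": ["::ffff:169.254.169.254"],
    "api.example.com": ["1.2.3.4"],
}

def constructed_resolver(host: str) -> List[str]:
    if host in CONSTRUCTED_DNS:
        return CONSTRUCTED_DNS[host]
    return [str(ipaddress.ip_address(host))]  # IP literals resolve to themselves
```

With the constructed table, `hostname_string_filter` allows `169.254.169.254.nip.io` while `vet_destination` blocks it, the IPv4-mapped IPv6 form, and unresolvable names.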

Affected Systems

ToolJet version 3.20.178‑lts and earlier. The SSRF affects the RestAPI data source component of the ToolJet open‑source platform, used for building internal tools, workflows, and AI agents.

Risk and Exploitability

The CVSS score is 8.3, indicating high severity. No EPSS data is available, and the vulnerability is not listed in CISA's KEV catalog, suggesting limited but not negligible exploitation potential. Attackers must be authenticated, which is possible for all free‑tier users. Once the SSRF succeeds, the attacker can silently obtain Azure tokens that grant elevated privileges. The risk is therefore high for organizations running affected ToolJet instances, especially those with production clusters exposed to the Internet.

Generated by OpenCVE AI on June 25, 2026 at 18:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch by upgrading ToolJet to version 3.20.178‑lts or later, which corrects the SSRF filter logic in the RestAPI data source.
  • If an immediate upgrade is not feasible, restrict outgoing traffic from the ToolJet server by firewall or proxy rules to block requests targeting Azure IMDS (169.254.169.254) and other link‑local addresses.
  • After patching or restricting, review and rotate any Azure managed identity tokens or credentials that might have been exposed, and consider disabling non‑essential Azure service integrations.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 18:30:00 +0000

Type | Values Removed | Values Added
Metrics | (none) | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | (none) | ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only checks the hostname string — not the resolved IP. DNS names like 169.254.169.254.nip.io resolve to the Azure IMDS link-local address and bypass the filter entirely. This allows any authenticated user (free tier) to steal Azure managed identity tokens for the AKS production cluster. This vulnerability is fixed in 3.20.178-lts.
Title | (none) | ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise
Weaknesses | (none) | CWE-918
References | (none) | (none)
Metrics | (none) | cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T17:40:41.755Z

Reserved: 2026-06-16T21:48:43.125Z

Link: CVE-2026-55412

Vulnrichment

Updated: 2026-06-25T17:39:57.487Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T18:15:04Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)