Description
ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with the builder role (free tier) can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes server-side with full Node.js access (require, process). The malicious code runs whenever any user on the instance triggers a query using that plugin, achieving both RCE and supply-chain compromise of the entire ToolJet deployment. This vulnerability is fixed in 3.20.178-lts.
Published: 2026-06-25
Score: 9.4 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in ToolJet's marketplace plugin handling lets an authenticated builder-role user overwrite a globally shared plugin with arbitrary JavaScript. That code executes server-side with full Node.js privileges (require and process are reachable), so the attacker can run commands, read and modify files, and tamper with other plugins or instance configuration. The weakness is improper control of code generation (CWE-94, code injection): plugin content supplied by a low-privileged user is executed as trusted server code. Because the plugin is shared instance-wide, the injected code runs whenever any user triggers a query through it, so a single overwrite compromises the whole deployment.

Affected Systems

ToolJet versions prior to 3.20.178-lts are vulnerable. The vulnerability applies to all installations of the open-source ToolJet platform where marketplace plugins are enabled and at least one account holds the builder role (a role available on the free tier). Versions 3.20.178-lts and later contain the fix.

Risk and Exploitability

The CVSS 4.0 base score of 9.4 (AV:N/AC:L/AT:N/PR:L/UI:N, with high confidentiality, integrity and availability impact on both the vulnerable and subsequent systems) rates this as critical. No EPSS value is published and the CVE is not on the KEV list, but neither lowers the risk: the attack needs only authenticated access as a builder-role user, a role commonly granted in many deployments, with no user interaction and no special preconditions. The SSVC assessment on this page records a public proof of concept (Exploitation: poc) with total technical impact. A malicious builder overwrites a plugin shared across the instance, and the injected code executes server-side whenever any user triggers a query that uses that plugin, which yields remote code execution and a supply-chain compromise of the entire ToolJet deployment.

Generated by OpenCVE AI on June 25, 2026 at 18:12 UTC.

Remediation

A vendor fix is available: upgrade to ToolJet 3.20.178-lts or later. No separate workaround is published by the vendor; the mitigations below are OpenCVE recommendations.

OpenCVE Recommended Actions

  • Update ToolJet to version 3.20.178‑lts or newer to apply the vendor‑supplied fix.
  • If an immediate upgrade is not feasible, disable or restrict use of marketplace plugins until the update can be applied.
  • Revoke or limit builder‑role privileges from users not required for development to prevent unauthorized plugin modifications.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 18:30:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 16:45:00 +0000

Type: Description
Values removed: none
Values added: ToolJet is the open-source foundation of an AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with the builder role (free tier) can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes server-side with full Node.js access (require, process). The malicious code runs whenever any user on the instance triggers a query using that plugin, achieving both RCE and supply-chain compromise of the entire ToolJet deployment. This vulnerability is fixed in 3.20.178-lts.

Type: Title
Values removed: none
Values added: ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

Type: Weaknesses
Values removed: none
Values added: CWE-94

Type: References
Values removed: none
Values added: none listed

Type: Metrics (cvssV4_0)
Values removed: none
Values added: {'score': 9.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T18:01:40.725Z

Reserved: 2026-06-16T21:48:43.125Z

Link: CVE-2026-55413

Vulnrichment

Updated: 2026-06-25T18:01:33.051Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T18:15:04Z

Weaknesses
  • CWE-94: Improper Control of Generation of Code ('Code Injection')