HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-55413Published Modified CNA GitHub_M

CVE-2026-55413: ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, any authenticated user with builder role (free tier) can overwrite a globally-shared marketplace plugin with arbitrary JavaScript that executes server-side with full Node.js access (require, process). The malicious code runs whenever any user on the instance triggers a query using that plugin — achieving both RCE and supply-chain compromise of the entire ToolJet deployment. This vulnerability is fixed in 3.20.178-lts.

Metrics

CVSS v4.0
9.4
Severity
CRITICAL
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is a marketplace plugin poisoning vulnerability in ToolJet, an open-source platform for building internal tools and workflows. Any authenticated user holding a builder role (the free-tier role) can overwrite a globally shared marketplace plugin with arbitrary JavaScript, which then executes server-side with full Node.js privileges (including access to require and process) whenever any other user on the instance triggers a query using that plugin. Successful exploitation gives an attacker remote code execution across the entire ToolJet deployment and effectively poisons the plugin supply chain instance-wide. No fix version has been published yet; HarborGuard is tracking the advisory for patch availability.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built ToolJet images. Any image carrying an affected ToolJet version is flagged immediately in the customer's registry and CI/CD pipeline scan results.

Available
Triage

HarborGuard scores this finding at CVSS 9.4 (Critical) using the published v4.0 vector and weights it against each environment's compliance policy to determine urgency and routing. Triage results are delivered to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment upstream ships a fix. In the interim, customers can apply compensating controls through HarborGuard's policy engine, such as network-policy isolation and egress filtering for affected ToolJet deployments.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the ToolJet service over the network to submit the malicious plugin payload via the web interface.

  • AuthenticationRequired

    A low-privilege builder-role account is sufficient; no administrative credentials are needed.

  • Victim interactionNot required

    No victim interaction is needed; the malicious code executes automatically the next time any user on the instance triggers a query using the poisoned plugin.

  • Attack complexityDetail

    The exploit is reliable and condition-free; no race conditions, memory layout dependencies, or environmental setup are required.

Blast Radius

  • Executes arbitrary JavaScript server-side with full Node.js access, giving the attacker read and write access to the underlying filesystem and environment variables including secrets.
  • Modifies a globally shared marketplace plugin, meaning every user and workflow on the entire ToolJet instance is exposed to the malicious code on their next query execution.
  • Enables exfiltration of database credentials, API keys, and any other secrets accessible to the ToolJet server process.
  • Allows the attacker to pivot laterally from the ToolJet host to other services reachable from within the deployment network.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix exists for CVE-2026-55413 at this time, HarborGuard continuously re-checks the advisory on every ingest cycle and will surface a patched-image rebuild automatically the moment ToolJet publishes a fix. While awaiting the patch, customers can apply compensating controls: use HarborGuard's network-policy isolation recommendations to restrict inbound access to the ToolJet service to known internal CIDR ranges, apply egress filtering to limit outbound connections from the ToolJet container, and consider disabling marketplace plugin write permissions at the application configuration level if ToolJet exposes that feature flag. Given the Critical CVSS 9.4 score and the instance-wide blast radius, this finding is routed with the highest urgency tier. For customers who opt into auto-remediation, a rebuild and regression run will be triggered and a PR opened against affected workloads as soon as a fix version is published upstream; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes in environments with auto-remediation enabled.

See how HarborGuard automates this
Affected packages
  • ToolJet / ToolJet
    < 3.20.178-lts
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
References