External risk intelligence

ToolJet Authenticated Builder Role RCE Via Marketplace Plugin 3.20.178-lts

CVE advisorySeverity: CRITICAL (CVSS 9.4)

CVE-2026-55413

ToolJet is a platform designed for building and deploying internal tools, workflows, and AI agents. Such platforms are commonly deployed as web-based applications accessible to authorized users over a network. While often used for internal tools, these web application portals are frequently exposed to the internet or wide corporate networks to support remote teams and distributed workflows.

Code Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This critical vulnerability affects the open-source ToolJet platform, allowing authenticated users to inject and execute arbitrary JavaScript on the server. This could lead to a compromise of the entire ToolJet deployment and potentially impact any user interacting with a tampered plugin. The primary concern is to confirm if your ToolJet instances are affected and to understand the potential exposure.

  • Authenticated users can run malicious code on ToolJet.
  • Critical vulnerability could impact all ToolJet users.
  • Confirm ToolJet relevance and assess potential exposure.

Attack Path

How an attacker could exploit the issue

An attacker with builder privileges can overwrite a shared marketplace plugin with malicious JavaScript. This code then runs on the server whenever another user interacts with the compromised plugin, leading to the compromise of the entire ToolJet deployment.

  • Authenticated user with builder role.
  • Overwriting a shared marketplace plugin.
  • Server-side code execution and supply-chain compromise.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an authenticated user with a builder role to execute arbitrary JavaScript on the server, leading to a compromise of the entire ToolJet deployment. The malicious code could run when any user on the instance triggers a query using a tampered plugin, potentially affecting service behavior and exposing sensitive information processed by the tool.

  • Server-side code execution.
  • Authenticated users could overwrite plugins.
  • Compromise of the entire deployment.

Operational Fix

Recommended remediation, mitigation, and detection steps

The primary responsibility for addressing this vulnerability lies with teams managing the ToolJet deployment, likely application or platform owners, in coordination with security operations. The first practical step is to identify all instances of ToolJet, assess their reachability and business criticality, and confirm the accountable owner for each. This will enable a risk-based approach to remediation, potentially involving vendor coordination and planning for necessary maintenance windows.

  • Application or platform owners should manage the issue.
  • Verify ToolJet instance reachability and criticality.
  • Plan remediation based on identified risks.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is ToolJet and how is it used?

ToolJet is an open-source, AI-native platform designed for building internal business tools, automated workflows, and AI agents. It serves as a centralized environment where teams create applications that interact with various data sources and services, functioning as a low-code foundation for managing enterprise operations.

What is the nature of the CVE-2026-55413 vulnerability?

This vulnerability is classified as CWE-94, or Improper Control of Generation of Code. It occurs because the platform fails to restrict authenticated users with builder roles from modifying marketplace plugins. By injecting arbitrary JavaScript, an attacker can cause that code to execute with full Node.js server-side privileges, effectively gaining control over the application's backend processes.

How does an attacker trigger this vulnerability?

An attacker must have an authenticated account with the builder role. They trigger the flaw by overwriting a globally-shared marketplace plugin with malicious code. The bug is not triggered by simply having the role; it requires the specific action of modifying a plugin. Once modified, the payload executes whenever any user on the system triggers a query that utilizes that compromised plugin.

Is my ToolJet instance at risk?

According to Halo Surface Signal, risk is elevated because ToolJet instances are frequently accessed over the internet or wide corporate networks to support remote teams. If your deployment is reachable via a network, an authenticated builder role could potentially leverage this flaw to compromise the entire instance, regardless of whether the platform is intended for strictly internal use.

How can I address this security issue?

The most effective response is to update your ToolJet deployment to version 3.20.178-lts or newer, as this release contains the necessary fix. Start by inventorying all active instances, identifying the owners responsible for maintenance, and scheduling the update to eliminate the risk of arbitrary code execution through the marketplace plugin system.

References