{"id":"CVE-2026-55412","summary":"ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise","details":"ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only checks the hostname string — not the resolved IP. DNS names like 169.254.169.254.nip.io resolve to the Azure IMDS link-local address and bypass the filter entirely. This allows any authenticated user (free tier) to steal Azure managed identity tokens for the AKS production cluster. This vulnerability is fixed in 3.20.178-lts.","aliases":["GHSA-h49f-mhmm-jx4w"],"modified":"2026-07-15T01:48:54.809571011Z","published":"2026-06-25T16:07:13.186Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-918"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55412.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55412.json"},{"type":"ADVISORY","url":"https://github.com/ToolJet/ToolJet/security/advisories/GHSA-h49f-mhmm-jx4w"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-55412"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tooljet/tooljet","events":[{"introduced":"0"},{"fixed":"2b9e193a7dffe3faaa7324ee64e362273bd51a52"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"3.20.178-lts"}]}}],"versions":["v3.20.177-lts","v3.20.176-lts","v3.20.175-lts","v3.20.174-lts","v3.20.173-lts","v3.20.172-lts","v3.20.171-lts","v3.20.165-lts","v3.20.168-lts","v3.20.170-lts","v3.20.169-lts","v3.20.167-lts","v3.20.166-lts","v3.20.164-lts","v3.20.162-lts","v3.20.163-lts","v3.20.160-lts","v3.20.161-lts","v3.20.159-lts","v3.20.158-lts","v3.20.157-lts","v3.20.156-lts","v3.20.155-lts","v3.20.154-lts","v3.20.153-lts","v3.20.152-lts","v3.20.151-lts","v3.20.150-lts","v3.20.149-lts","v3.20.148-lts","v3.20.147-lts","v3.20.146-lts","v3.20.145-lts","v3.20.144-lts","v3.20.143-lts","v3.20.142-lts","v3.20.141-lts","v3.20.138-lts","v3.20.140-lts","v3.20.139-lts","v3.20.137-lts","v3.20.136-lts","v3.20.133-lts","v3.20.135-lts","v3.20.134-lts","v3.20.132-lts","v3.20.131-lts","v3.20.130-lts","v3.20.129-lts","v3.20.127-lts","v3.20.128-lts","v3.20.126-lts","v3.20.125-lts","v3.20.124-lts","v3.20.123-lts","v3.20.122-lts","v3.20.121-lts","v3.20.113-lts","v3.20.117-lts","v3.20.120-lts","v3.20.119-lts","v3.20.118-lts","v3.20.109-lts","v3.20.116-lts","v3.20.115-lts","v3.20.101-lts","v3.20.114-lts","v3.20.111-lts","v3.20.112-lts","v3.20.110-lts","v3.20.106-lts","v3.20.108-lts","v3.20.107-lts","v3.20.105-lts","v3.20.104-lts","v3.20.103-lts","v3.20.102-lts","v3.20.100-lts","v3.20.99-lts","v3.20.98-lts","v3.20.97-lts","v3.20.96-lts","v3.20.95-lts","v3.20.94-lts","v3.20.84-lts","v3.20.92-lts","v3.20.93-lts","v3.20.91-lts","v3.20.90-lts","v3.20.88-lts","v3.20.89-lts","v3.20.87-lts","v3.20.86-lts","v3.20.85-lts","v3.20.83-lts","v3.20.75-lts","v3.20.82-lts","v3.20.81-lts","v3.20.80-lts","v3.20.79-lts","v3.20.78-lts","v3.20.77-lts","v3.20.74-lts","v3.20.73-lts","v3.20.72-lts","v3.20.71-lts","v3.20.70-lts","v3.20.69-lts","v3.20.68-lts","v3.20.67-lts","v3.20.66-lts","v3.20.65-lts","v3.20.64-lts","v3.20.63-lts","v3.20.59-lts","v3.20.62-lts","v3.20.60-lts","v3.20.61-lts","v3.20.53-lts","v3.20.58-lts","v3.20.57-lts","v3.20.56-lts","v3.20.55-lts","v3.20.54-lts","v3.20.52-lts","v3.20.51-lts","v3.20.50-lts","v3.20.49-lts","v3.20.48-lts","v3.20.47-lts","v3.20.46-lts","v3.20.35-lts","v3.20.45-lts","v3.20.43-lts","v3.20.44-lts","v3.20.42-lts","v3.20.41-lts","v3.20.40-lts","v3.20.39-lts","v3.20.38-lts","v3.20.37-lts","v3.20.36-lts","v3.20.34-lts","v3.20.33-lts","v3.20.32-lts","v3.20.31-lts","v3.20.30-lts","v3.20.29-lts","v3.20.28-lts","v3.20.26-lts","v3.20.27-lts","v3.20.25-lts","v3.20.24-lts","v3.20.23-lts","v3.20.14-lts","v3.20.22-lts","v3.20.21-lts","v3.20.20-lts","v3.20.19-lts","v3.20.17-lts","v3.20.18-lts","v3.20.16-lts","v3.20.10-lts","v3.20.15-lts","v3.20.13-lts","v3.20.12-lts","v3.20.11-lts","v3.20.9-lts","v3.20.8-lts","v3.20.7-lts","v3.20.6-lts","v3.20.5-lts","v3.20.4-lts","v3.20.3-lts","v3.20.2-lts","v3.20.1-lts","v3.20.0-lts","v3.16.33-lts","v3.16.22-lts","v3.16.32-lts","v3.16.29-lts","v3.16.31-lts","v3.16.30-lts","v3.16.28-lts","v3.16.27-lts","v3.16.26-lts","v3.16.25-lts","v3.16.17-lts","v3.16.24-lts","v3.16.23-lts","v3.16.21-lts","v3.16.20-lts","v3.16.19-lts","v3.16.18-lts","v3.16.15-lts","v3.16.16-lts","v3.16.14-lts","v3.16.13-lts","v3.16.12-lts","v3.16.11-lts","v3.16.10-lts","v3.16.9-lts","v3.16.8-lts","v3.16.7-lts","v3.16.6-lts","v3.16.4-lts","v3.16.3-lts","v3.16.2-lts","v3.16.1-lts","v3.16.0-lts","v3.15.1","v3.15.0","v3.13.0","v3.12.1","v3.12.0","v3.11.0","v3.8.0","v3.10.0","v3.9.0","v3.2.0-ce","v3.2.2-ce","v3.2.1-ce","v3.1.1-ce","v3.1.0-ce","v3.0.5-ce","v3.0.0-ce-beta","v2.67.2","v2.67.1","v2.67.0","v2.61.3","v2.20.2","v2.66.2","v2.66.1","v2.64.0","v2.65.2","v2.65.1","v2.65.0","v2.62.0","v2.63.0","v2.61.2","v2.61.1","v2.61.0","v2.60.4","v2.60.3","v2.60.2","CE-LTS-2.50.0","v2.45.0","v2.44.0","v2.43.0","v2.42.0","v2.41.0","v2.38.0","v2.40.0","v2.39.0","v2.37.0","v2.36.1","v2.36.0","v2.35.4","v2.35.3","v2.35.2","v2.35.1","v2.35.0","v2.34.2","v2.34.1","v2.34.0","v2.33.6","v2.33.5","v2.33.4","v2.33.3","v2.33.1","v2.33.0","v2.32.5","v2.32.4","v2.32.3","v2.32.2","v2.32.1","v2.32.0","v2.30.4","v2.30.3","v2.30.2","v2.30.1","v2.30.0","v2.29.0","v2.28.4","v2.28.3","v2.28.2","v2.28.1","v2.28.0","v2.27.7","v2.27.6","v2.27.5","v2.27.4","v2.27.3","v2.27.2","v2.27.1","v2.27.0","v2.26.0","v2.26.2","v2.26.1","v2.25.0","v2.24.5","v2.24.4","v2.24.3","v2.24.2","v2.24.1","v2.24.0","v2.23.0","v2.22.3","v2.22.2","v2.22.1","v2.22.0","v2.21.2","v2.21.1","v2.21.0","v2.20.1","v2.20.0","v2.19.2","v2.19.1","v2.19.0","v2.18.0","v2.17.5","v2.17.4","v2.17.3","v2.17.2","v2.17.0","v2.17.1","v2.16.1","v2.16.0","v2.15.1","v2.15.0","v2.14.1","v2.14.0","v2.13.1","v2.13.0","v2.12.0","v2.11.0","v2.11.1","v2.10.2","v2.10.1","v2.10.0","v2.9.6","v2.9.5","v2.9.4","v2.9.3","v2.9.2","v2.9.1","v2.9.0","v2.8.1","v2.8.0","v2.7.0","v2.6.2","dummy-v2.6.1","v2.6.1","v2.6.0","v2.5.0","v2.4.9","v2.4.8","v2.4.7","v2.4.6","v2.4.5","v2.4.3","v2.4.4","v2.4.2","v2.4.1","v2.4.0","v2.3.1","v2.3.0","v2.2.2","v2.2.1","v2.2.0","v2.1.5","v2.1.4","v2.1.3","v2.1.1","v2.1.0","v2.0.4","v2.0.3","v2.0.2","v2.0.1","v2.0.0","dummy-tag-for-release-notes-2","v1.30.0","dummy-tag-for-release-notes-1","v1.29.0","develop-head-390e022","v1.27.5","v1.27.4","v1.27.0","v1.24.0","v1.23.2","v1.23.0","v1.22.4","v1.22.3","v1.22.2","v1.22.1","v1.22.0","v1.21.1","v1.21.0","v1.20.5","v1.20.4","v1.20.3","v1.20.1","v1.20.0","temp-latest-develop","v1.19.0","v1.18.0","v1.17.2","v1.17.1","v1.17.0","v1.16.1","v1.16.0","v1.15.0","v1.14.0","v1.10.0","v1.6.0","v1.5.1","v1.5.0","v0.13.0","v0.12.1","v0.12.0","v0.11.0","v0.10.1-hotfix.1","v0.10.0-hotfix.1","v0.10.1","v0.10.0","v0.9.3-hotfix.2","v0.9.3","v0.9.2","v0.9.1","v0.9.0","v0.8.1-ee.1.0.0","v0.8.1","v0.8.0","v0.7.4","fix-csp","v0.7.3","v0.7.2","v0.7.1","v0.7.0","fix-pg-queries","v0.6.1","fix-image","v0.6.0","v0.5.14","fix-setup","v0.5.13","fix-mongo","fix-ec2","fix-webpack","v0.5.12","fix-k8s","v0.5.11","v0.5.10","v0.5.9","bump-version","v0.5.8","fix-dyn-vars","v0.5.7","v0.5.6","v0.5.5","v0.5.4","v0.5.3","v0.5.2","v0.5.1","v0.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55412.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}]}