Bash Command Injection Vulnerability Impacting ToolJet Low-Code Platform
CVE-2026-54344
4.7MEDIUM
What is CVE-2026-54344?
ToolJet, an open-source low-code platform designed for building internal tools, is vulnerable to a command injection issue. Prior to version 3.20.180, the platform's render preview deployment workflow improperly interpolated user-submitted comments from GitHub directly into bash conditional commands. This flaw allows any GitHub user who can comment on an active pull request to execute arbitrary shell commands on the CI runner, potentially leading to the unauthorized exposure of sensitive deployment secrets. The vulnerability has been addressed in version 3.20.180. For more information, visit the ToolJet security advisory.
Affected Version(s)
ToolJet < 3.20.180
