CyberRota
← Ana sayfaya dön

CVE-2026-54344

MEDIUM · CVSS 4.7 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-08T16:16:30.760 · Çekilme zamanı: 2026-07-08T18:32:26.617691+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-54344
Severity
MEDIUM
CVSS
4.7
EPSS
Yok
GitHub

Orijinal NVD Açıklaması

ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a deploy command to execute shell commands on the CI runner and exfiltrate deployment secrets. This issue is reported as fixed in version 3.20.180.