Home / Vulnerability Intelligence / CVE-2026-4092

CVE-2026-4092 - Vulnerability Analysis

N/a

Last Updated: March 13, 2026

Clasp - Path Traversal

Published: March 13, 2026Updated: March 13, 2026PoC Available

Overview

Clasp < 3.2.0 contains a path traversal caused by specially crafted filenames with directory traversal sequences in Google Apps Script projects, letting remote attackers execute arbitrary code remotely, exploit requires crafted malicious project.

Severity & Score

Severity: N/a

Impact

Remote attackers can execute arbitrary code by exploiting path traversal in crafted Google Apps Script projects.

Mitigation

Update to version 3.2.0 or later.

References

https://github.com/google/clasp/pull/1109

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-4092
Severity: N/a
Type: path_traversal
Status: new

CWE

CWE-22

CVSS Metrics

N/A