High severity · 8.8 · NVD Advisory · Published Mar 13, 2026 · Updated Apr 14, 2026
CVE-2026-4092
Description
Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @google/clasp (npm) | < 3.2.0 | 3.2.0 |
References
- github.com/google/clasp/pull/1109 (nvd; Issue Tracking, Patch, WEB)
- github.com/advisories/GHSA-hqjg-pww4-pcgq (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-4092 (ghsa; ADVISORY)
- github.com/google/clasp/commit/ba6bd666fe74de54950122b5d92ecf1dcc02a9d3 (ghsa; WEB)
- github.com/google/clasp/releases/tag/v3.2.0 (ghsa; WEB)
- github.com/google/clasp/security/advisories/GHSA-hqjg-pww4-pcgq (ghsa; WEB)