CVE-2026-4092

UNKNOWN 0.0

Arbitrary File Write via Path Traversal in Google clasp leading to RCE

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.

CWE	CWE-22
Vendor	google
Product	clasp
Ecosystems	Android Cloud Chrome
Industries	Technology
Published	Mar 13, 2026
Last Updated	Mar 16, 2026

Stay Ahead of the Next One

Get instant alerts for google clasp

Be the first to know when new unknown vulnerabilities affecting google clasp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Google / Clasp

< 3.2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/google/clasp/pull/1109