PROBABLYPWNED
Home/Tag/Sandbox Escape

Sandbox Escape

15 articles tagged with "Sandbox Escape"

Chrome WebGL Flaw Enables Sandbox Escape on Android
Vulnerabilities4 min read

Chrome WebGL Flaw Enables Sandbox Escape on Android

CVE-2026-13028, a critical use-after-free in Chrome's WebGL component, scores CVSS 9.6 and allows remote code execution with sandbox escape on Android. Update immediately.

Marcus ChenJul 1, 2026
12 Critical Flaws in vm2 Node.js Sandbox Enable Host Takeover
Vulnerabilities4 min read

12 Critical Flaws in vm2 Node.js Sandbox Enable Host Takeover

Security researchers disclosed 12 sandbox escape vulnerabilities in vm2, including three with CVSS 10.0 scores. The popular JavaScript isolation library can no longer be trusted to contain untrusted code.

Vulnerability DeskMay 8, 2026
PraisonAI Sandbox Bypass Scores Perfect CVSS 10
Vulnerabilities3 min read

PraisonAI Sandbox Bypass Scores Perfect CVSS 10

CVE-2026-34938 lets attackers escape PraisonAI's three-layer Python sandbox to execute arbitrary OS commands. CVSS 10 — patch to version 1.5.90 immediately.

Vulnerability DeskApr 4, 2026
n8n Merge Node Flaw Exposes 615K Instances to RCE
Vulnerabilities4 min read

n8n Merge Node Flaw Exposes 615K Instances to RCE

CVE-2026-33660 (CVSS 9.4) lets authenticated users escape n8n's AlaSQL sandbox via the Merge node. Over 615,000 public instances potentially vulnerable.

Vulnerability DeskMar 31, 2026
Four Critical n8n Flaws Enable Unauthenticated RCE
Vulnerabilities3 min read

Four Critical n8n Flaws Enable Unauthenticated RCE

n8n patches CVE-2026-27577, CVE-2026-27493, and two more sandbox escapes. One flaw allows unauthenticated attackers to execute commands via public form endpoints.

Vulnerability DeskMar 24, 2026
n8n Sandbox Escape CVE-2026-25049 Bypasses Prior Fix
Vulnerabilities3 min read

n8n Sandbox Escape CVE-2026-25049 Bypasses Prior Fix

New n8n RCE flaw bypasses December patch through type confusion. CVSS 9.4 vulnerability enables unauthenticated command execution via malicious workflows.

Vulnerability DeskFeb 15, 2026