Home/Tag/Sandbox Escape

Sandbox Escape

13 articles tagged with "Sandbox Escape"

Vulnerabilities3 min read

OpenClaw 'Claw Chain' Flaws Let Attackers Steal Data and Plant Backdoors

Cyera discloses four chainable OpenClaw vulnerabilities (CVE-2026-44112 through 44118) exposing 245,000 servers to credential theft, privilege escalation, and persistent access.

Marcus ChenMay 16, 2026

Vulnerabilities4 min read

12 Critical Flaws in vm2 Node.js Sandbox Enable Host Takeover

Security researchers disclosed 12 sandbox escape vulnerabilities in vm2, including three with CVSS 10.0 scores. The popular JavaScript isolation library can no longer be trusted to contain untrusted code.

Marcus ChenMay 8, 2026

Vulnerabilities3 min read

OpenClaw Sandbox Escape Hits CVSS 9.9—Upgrade Before It's Exploited

CVE-2026-41329 lets attackers bypass OpenClaw's sandbox via heartbeat context manipulation, achieving privilege escalation. CVSS 9.9 demands immediate patching.

Marcus ChenApr 21, 2026

Vulnerabilities3 min read

Second PraisonAI Sandbox Escape in a Week Scores CVSS 9.9

CVE-2026-39888 bypasses PraisonAI's Python sandbox via exception frame traversal. Attackers chain __traceback__ attributes to reach exec(). Patch to 1.5.115.

Marcus ChenApr 9, 2026

Vulnerabilities3 min read

PraisonAI Sandbox Bypass Scores Perfect CVSS 10

CVE-2026-34938 lets attackers escape PraisonAI's three-layer Python sandbox to execute arbitrary OS commands. CVSS 10 — patch to version 1.5.90 immediately.

Marcus ChenApr 4, 2026

Vulnerabilities4 min read

n8n Merge Node Flaw Exposes 615K Instances to RCE

CVE-2026-33660 (CVSS 9.4) lets authenticated users escape n8n's AlaSQL sandbox via the Merge node. Over 615,000 public instances potentially vulnerable.

Marcus ChenMar 31, 2026

Vulnerabilities3 min read

Four Critical n8n Flaws Enable Unauthenticated RCE

n8n patches CVE-2026-27577, CVE-2026-27493, and two more sandbox escapes. One flaw allows unauthenticated attackers to execute commands via public form endpoints.

Marcus ChenMar 24, 2026

Vulnerabilities3 min read

n8n Sandbox Escape CVE-2026-25049 Bypasses Prior Fix

New n8n RCE flaw bypasses December patch through type confusion. CVSS 9.4 vulnerability enables unauthenticated command execution via malicious workflows.

Marcus ChenFeb 15, 2026

Vulnerabilities4 min read

CISA Confirms VMware ESXi Flaw Used in Ransomware

CVE-2025-22225 sandbox escape now confirmed as a ransomware attack vector. Exploitation toolkit predates Broadcom's patch by a full year.

Marcus ChenFeb 6, 2026

Vulnerabilities4 min read

n8n Patches Five Critical Flaws Including CVSS 9.4 RCE

CVE-2026-25049 bypasses n8n's previous sandbox fix to enable system command execution. Four additional vulnerabilities disclosed simultaneously.

Marcus ChenFeb 5, 2026

Vulnerabilities4 min read

n8n Sandbox Escape Flaws Allow Full Server Compromise

JFrog discloses CVE-2026-1470 and CVE-2026-0863 in workflow automation platform. Both vulnerabilities enable authenticated remote code execution.

Marcus ChenJan 29, 2026

Vulnerabilities3 min read

Firefox 147 Fixes 16 Vulnerabilities Including Sandbox Escapes

Mozilla patches six high-severity flaws in Firefox 147 and ESR releases. Multiple sandbox escape vulnerabilities could enable arbitrary code execution.

Marcus ChenJan 26, 2026

Vulnerabilities4 min read

n8n Sandbox Escape Lets Users Run System Commands

CVE-2025-68668 bypasses Python code restrictions in workflow automation platform. CVSS 9.9 flaw affects versions 1.0.0 through 1.x.

Marcus ChenJan 15, 2026