Second PraisonAI Sandbox Escape in a Week Scores CVSS 9.9
10 articles tagged with "Sandbox Escape"
CVE-2026-39888 bypasses PraisonAI's Python sandbox via exception frame traversal. Attackers chain __traceback__ attributes to reach exec(). Patch to 1.5.115.
CVE-2026-34938 lets attackers escape PraisonAI's three-layer Python sandbox to execute arbitrary OS commands. CVSS 10 — patch to version 1.5.90 immediately.
CVE-2026-33660 (CVSS 9.4) lets authenticated users escape n8n's AlaSQL sandbox via the Merge node. Over 615,000 public instances potentially vulnerable.
n8n patches CVE-2026-27577, CVE-2026-27493, and two more sandbox escapes. One flaw allows unauthenticated attackers to execute commands via public form endpoints.
New n8n RCE flaw bypasses December patch through type confusion. CVSS 9.4 vulnerability enables unauthenticated command execution via malicious workflows.
CVE-2025-22225 sandbox escape now confirmed as a ransomware attack vector. Exploitation toolkit predates Broadcom's patch by a full year.
CVE-2026-25049 bypasses n8n's previous sandbox fix to enable system command execution. Four additional vulnerabilities disclosed simultaneously.
JFrog discloses CVE-2026-1470 and CVE-2026-0863 in workflow automation platform. Both vulnerabilities enable authenticated remote code execution.
Mozilla patches six high-severity flaws in Firefox 147 and ESR releases. Multiple sandbox escape vulnerabilities could enable arbitrary code execution.
CVE-2025-68668 bypasses Python code restrictions in workflow automation platform. CVSS 9.9 flaw affects versions 1.0.0 through 1.x.