CVE-2026-6224 nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox

🗓️ 13 Apr 2026 21:15:11Reported by VulDBType

CVE-2026-6224 enables remote sandbox manipulation in nocobase plugin-workflow-javascript via Vm.js createSafeConsole.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-6224	13 Apr 202621:15	–	attackerkb
Circl	CVE-2026-6224	13 Apr 202623:21	–	circl
CNNVD	Nocobase 安全漏洞	13 Apr 202600:00	–	cnnvd
CVE	CVE-2026-6224	13 Apr 202621:15	–	cve
EUVD	EUVD-2026-22122	14 Apr 202600:31	–	euvd
NVD	CVE-2026-6224	13 Apr 202622:16	–	nvd
Positive Technologies	PT-2026-32532	13 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-6224	5 Jun 202619:31	–	redhatcve
Vulnrichment	CVE-2026-6224 nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox	13 Apr 202621:15	–	vulnrichment

[
  {
    "vendor": "nocobase",
    "product": "plugin-workflow-javascript",
    "versions": [
      {
        "version": "2.0.0",
        "status": "affected"
      },
      {
        "version": "2.0.1",
        "status": "affected"
      },
      {
        "version": "2.0.2",
        "status": "affected"
      },
      {
        "version": "2.0.3",
        "status": "affected"
      },
      {
        "version": "2.0.4",
        "status": "affected"
      },
      {
        "version": "2.0.5",
        "status": "affected"
      },
      {
        "version": "2.0.6",
        "status": "affected"
      },
      {
        "version": "2.0.7",
        "status": "affected"
      },
      {
        "version": "2.0.8",
        "status": "affected"
      },
      {
        "version": "2.0.9",
        "status": "affected"
      },
      {
        "version": "2.0.10",
        "status": "affected"
      },
      {
        "version": "2.0.11",
        "status": "affected"
      },
      {
        "version": "2.0.12",
        "status": "affected"
      },
      {
        "version": "2.0.13",
        "status": "affected"
      },
      {
        "version": "2.0.14",
        "status": "affected"
      },
      {
        "version": "2.0.15",
        "status": "affected"
      },
      {
        "version": "2.0.16",
        "status": "affected"
      },
      {
        "version": "2.0.17",
        "status": "affected"
      },
      {
        "version": "2.0.18",
        "status": "affected"
      },
      {
        "version": "2.0.19",
        "status": "affected"
      },
      {
        "version": "2.0.20",
        "status": "affected"
      },
      {
        "version": "2.0.21",
        "status": "affected"
      },
      {
        "version": "2.0.22",
        "status": "affected"
      },
      {
        "version": "2.0.23",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/Pai-777/ai-cve/blob/main/docs/cve-drafts/nocobase-workflow-javascript-sandbox-escape.en.md
vuldb	www.vuldb.com/vuln/357142/cti
vuldb	www.vuldb.com/vuln/357142
vuldb	www.vuldb.com/submit/785881

13 Apr 2026 21:15Current

CVSS 46.9

CVSS 3.17.3

CVSS 37.3

CVSS 27.5

EPSS0.00056