12 matches found
CVE-2026-54311
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...
CVE-2026-41357 OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...
Code Injection
SimpleEval is vulnerable to code injection. The vulnerability is due to objects leaking dangerous modules through to direct access inside the sandbox, where dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call...
OPENSUSE-SU-2026:20393-1 Security update for python-simpleeval
This update for python-simpleeval fixes the following issues: Changes in python-simpleeval: - CVE-2026-32640: Objects including modules can leak dangerous modules through to direct access inside the sandbox bsc1259685...
Security update for python-simpleeval (important)
openSUSE Security Update: Security update for python-simpleeval Announcement ID: openSUSE-SU-2026:0086-1 Rating: important References: 1259685 Cross-References: CVE-2026-32640 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: Th...
DEBIAN-CVE-2026-32640
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...
PYSEC-2026-132
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...
CVE-2026-32640
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...
CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.
SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...
GHSA-44VG-5WV2-H2HG SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox
Impact If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples found by @ByamB4: Any module where...
PT-2026-26384
Summary In OpenClaw, the sandboxed image tool did not honor tools.fs.workspaceOnly=true for mounted paths resolved by the sandbox FS bridge. This allowed reading out-of-workspace mounted images for example /agent/ and forwarding those bytes to vision model providers. Impact Sandbox boundary bypas...
J’s Communication RevoWorks Cloud Client 安全漏洞
J's Communication RevoWorks Cloud Client is a software from J's Communication Japan for building sandboxed environments that are isolated from the customer's local environment. A security vulnerability exists in J's Communication RevoWorks Cloud Client version 3.0.91 and prior versions. An attack...