PT-2026-38104

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in Aura on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Use afte...

GHSA-QQ3R-W4HJ-GJP6 apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

Impact A crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same or later archive could traverse that symlink to reach host paths the build user could write to. The root cause was the...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through the DirFS process. An attacker can gain unauthorized access to files outside the intended build root by crafting a malicious archive containing a symlink entry that points outside the build root, followed by...

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition through a race condition in the write process. An attacker can cause unauthorized file writes outside the intended sandbox mount root by...

OpenClaw: OpenShell FS bridge writes stay pinned to the sandbox mount root

Summary OpenShell FS bridge writes stay pinned to the sandbox mount root Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact A time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap...

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

CVE-2026-42234 n8n: Python Task Runner Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

EUVD-2026-27109

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

CVE-2026-42234 n8n: Python Task Runner Sandbox Escape

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

CVE-2026-42234

CVE-2026-42234 affects n8n, an open‑source workflow automation platform. Before versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user who can create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container....

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the inspect function. An attacker can execute arbitrary commands on the host system by escaping the sandbox...

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the vm2.run function. An attacker can execute arbitrary commands on the host system by escaping the sandbox...

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the vm2.run function. An attacker can execute arbitrary commands on the host system by escaping the...

CVE-2026-26956

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

CVE-2026-26332

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0...

CVE-2026-24120

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in versio...

CVE-2026-24781

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been...

CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only)

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...

CVE-2026-26956

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5...