CVE-2026-34464

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMEDPIPEOPENREQ into a fixed WCHAR pipename160 stack buffer using wcscat without verifying null termination. The handler only...

CVE-2026-34464

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMEDPIPEOPENREQ into a fixed WCHAR pipename160 stack buffer using wcscat without verifying null termination. The handler only...

CVE-2026-34464

Summary (CVE-2026-34464): Sandboxie-Plus

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of wcscat to copy the server field in NamedPipeServer::OpenHandler, without verifying the...

CVE-2026-34765

A flaw was found in Electron, a framework for building desktop applications. This vulnerability allows a malicious component within an Electron application to hijack an existing child window opened by another part of the application if both use the same window name. This could lead to the malicio...

CVE-2026-34765

CVE-2026-34765 : Electron prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5 has a window.open() targeting flaw where the named-window lookup is not scoped to the opener’s browsing context group. A renderer could navigate a child window opened by a different renderer if both share the same targe...

Exposure of Resource to Wrong Sphere

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the window.open function. An attacker can gain access to or manipulate the browsin...

GHSA-F3PV-WV63-48X8 Electron: Named window.open targets not scoped to the opener's browsing context

Impact When a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If...

Electron: Named window.open targets not scoped to the opener's browsing context

Impact When a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If...

PT-2026-30918

Name of the Vulnerable Software and Affected Versions Electron versions prior to 39.8.5 Electron versions prior to 40.8.5 Electron versions prior to 41.1.0 Electron versions prior to 42.0.0-alpha.5 Description Electron did not correctly scope the named-window lookup to the opener's browsing conte...

CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...

GHSA-532V-XPQ5-8H95 Electron: Use-after-free in offscreen child window paint callback

Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...

Electron: Use-after-free in offscreen child window paint callback

Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...

PT-2026-30004

Impact Apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child dereference freed memory, which may lead to a crash or...