Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

The Hacker News
The Hacker Newsadded 2026/01/27 10:36 a.m.10 views

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 CVSS score: 9.1, has been codenamed Cellbreak by Cyera Research Lab...

9.9CVSS6.8AI score0.00035EPSS
Exploits4
RedhatCVE
RedhatCVEadded 2026/01/23 6:19 a.m.4 views

CVE-2026-24002

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9.6CVSS5.7AI score0.00032EPSS
Exploits0References1
NVD
NVDadded 2026/01/22 3:15 a.m.2 views

CVE-2026-24002

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9.6CVSS0.00032EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/01/22 2:26 a.m.23 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9CVSS0.00032EPSS
Exploits0References2
CVE
CVEadded 2026/01/22 2:26 a.m.23 views

CVE-2026-24002

CVE-2026-24002 – Grist sandbox escape vulnerability affects Grist Core (Grist open-source self-hosted spreadsheet/database). The issue arises when running formulas in the Pyodide sandbox on Node.js, where the sandbox barrier is insufficient, allowing an untrusted spreadsheet to escape to host exe...

9.6CVSS5.7AI score0.00032EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/01/22 2:26 a.m.4 views

CVE-2026-24002 pyodide sandbox option is insecure

Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be working with untrusted spreadsheets. One such method runs them in pyodide, but pyodide on node does not have a useful sandbox...

9CVSS5.7AI score0.00032EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/01/22 12:0 a.m.2 views

Grist injection vulnerability

Grist is a modern relational spreadsheet developed by Grist Open Source. Versions of Grist prior to 1.7.9 had an injection vulnerability, which was caused by insufficient pyodide sandbox barriers. This vulnerability could allow for the execution of arbitrary processes on the server...

9.6CVSS6.2AI score0.00032EPSS
Exploits0References2
Rows per page
Query Builder