Lucene search
+L

8 matches found

EUVD
EUVD
added 2026/05/13 12:48 a.m.12 views

EUVD-2026-29869

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS6.1AI score0.00227EPSS
Exploits0References5
NVD
NVD
added 2026/05/12 10:16 p.m.18 views

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 9:18 p.m.12 views

CVE-2026-45227 Heym < 0.0.21 Sandbox Escape via Python Introspection

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS6.1AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 9:18 p.m.4 views

CVE-2026-45227 Heym < 0.0.21 Sandbox Escape via Python Introspection

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.7CVSS6.2AI score0.00227EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:18 p.m.7 views

CVE-2026-45227

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS6.1AI score0.00227EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/12 9:18 p.m.58 views

CVE-2026-45227 Heym < 0.0.21 Sandbox Escape via Python Introspection

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted...

8.8CVSS0.00227EPSS
Exploits0References4
CVE
CVE
added 2026/05/12 9:18 p.m.23 views

CVE-2026-45227

CVE-2026-45227 affects Heym prior to 0.0.21. A sandbox-escape in the custom Python tool executor allows authenticated workflow authors to bypass sandbox restrictions via object-graph introspection. Attackers can use Python introspection to recover the unrestricted import function, import blocked ...

8.8CVSS6.1AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 2026/04/14 1:3 a.m.4 views

CVE-2026-39419 MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS6AI score0.00222EPSS
Exploits0References5
Rows per page
Query Builder