CVE-2026-49444

CVE-2026-49444 affects n8n prior to versions 1.123.48, 2.21.8, and 2.22.4 where an authenticated user with permission to create/modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. The issue is fixed in 1.123.48...

n8n: Python sandbox escape

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This issue only affects instances where the Python Task Runner is enabled. Patches The issue has bee...

NPM: n8n: Python sandbox escape

NPM: n8n: Python sandbox escape vulnerability discovered by ? in WordPress Npm n8n versions 1.123.48...

CVE-2026-41900 OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

GHSA-8H25-Q488-4HXW OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

Overview A critical Remote Code Execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. The issue has been fixed...

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752 , is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows arbitrary code...

PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure

PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...

CVE-2026-40158

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

CVE-2026-40158 PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

CVE-2026-40158

PRAISONAI's AST-based Python sandbox (prior to 4.5.128) can be bypassed by a type.getattribute trampoline, enabling arbitrary code execution when untrusted agent code runs. The _execute_code_direct function filters dangerous attributes via AST checks, but only for ast.Attribute nodes, missing dyn...

CVE-2026-40158 PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the Python sandbox based on AST, which could be exploited through type.getattribute, potentially...

CVE-2026-34938

PraisonAI contains a Python sandbox escape in the execute_code() function of praisonai-agents. Prior to version 1.5.90, the three-layer sandbox can be bypassed by passing a str subclass with an overridden startswith() to the _safe_getattr wrapper, enabling arbitrary OS command execution on the ho...

PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...

GHSA-6VH2-H83C-9294 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...

EUVD-2026-16177

n8n has a Python sandbox escape...

UBUNTU-CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

CVE-2026-32128 FastGPT Python Sandbox Bypass of File-Write Restriction

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...

CVE-2026-32128

FastGPT’s Python Sandbox (fastgpt-sandbox) in versions 4.14.7 and earlier contains guardrails intended to block file writes (static detection + seccomp). The vulnerability arises because stdout (fd 1) can be remapped to an arbitrary writable file descriptor via fcntl. After remapping, writes thro...

EUVD-2026-11408

FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox fastgpt-sandbox includes guardrails intended to prevent file writes static detection + seccomp. These guardrails are bypassable by remapping stdout fd 1 to an arbitrary writable file descriptor using fcntl...