CVSS: - • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-3924
https://notcve.org/view.php?id=CVE-2026-3924
11 Mar 2026 — Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: - • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-3916
https://notcve.org/view.php?id=CVE-2026-3916
11 Mar 2026 — Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html • CWE-125: Out-of-bounds Read •
CVSS: 6.3 • EPSS: % • CPEs: 1 • EXPL: 0 • CVE-2026-32128 – FastGPT Python Sandbox Bypass of File-Write Restriction
https://notcve.org/view.php?id=CVE-2026-32128
11 Mar 2026 — FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guardrails are bypassable by remapping stdout (fd 1) to an arbitrary writable file descriptor using fcntl. After remapping, writing via sys.stdout.write() still satisfies the seccomp rule write(fd==1), enabling arbitrary file creation/overwrite inside the sandbox container despite the intended no file writes restri... • https://github.com/labring/FastGPT/security/advisories/GHSA-6hw6-mxrm-v6wj • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-30957 – OneUptime Synthetic Monitor RCE via exposed Playwright browser object
https://notcve.org/view.php?id=CVE-2026-30957
10 Mar 2026 — It does not require a separate vm sandbox escape. • https://github.com/OneUptime/oneuptime/releases/tag/10.0.21 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-30921 – OneUptime Synthetic Monitor RCE via exposed Playwright browser object
https://notcve.org/view.php?id=CVE-2026-30921
09 Mar 2026 — This creates a distinct server-side RCE primitive: the attacker does not need the classic this.constructor.constructor(...) sandbox escape. • https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4j36-39gm-8vq8 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-3545
https://notcve.org/view.php?id=CVE-2026-3545
04 Mar 2026 — Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-27952 – Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2026-27952
26 Feb 2026 — In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. • https://github.com/Agenta-AI/agenta/security/advisories/GHSA-pmgp-2m3v-34mq • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-27976 – Zed Extension Sandbox Escape via Tar Symlink Following
https://notcve.org/view.php?id=CVE-2026-27976
25 Feb 2026 — Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validation, and the path guard (`writeable_path_from_extension`) only performs lexical prefix checks without resolving symlinks. An attacker can ship a tar that first creates a symlink inside the extension workdir pointing outside (e.g., `escape -> /`), then writes files through the symlink, causing writes to arbitrary ... • https://github.com/zed-industries/zed/security/advisories/GHSA-59p4-3mhm-qm3r • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 9.9 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2026-27577 – n8n: Expression Sandbox Escape Leads to RCE
https://notcve.org/view.php?id=CVE-2026-27577
25 Feb 2026 — n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. The issues have been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of ... • https://docs.n8n.io/hosting/securing/overview • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.9 • EPSS: 0% • CPEs: 3 • EXPL: 0 • CVE-2026-27495 – n8n has a Sandbox Escape in its JavaScript Task Runner
https://notcve.org/view.php?id=CVE-2026-27495
25 Feb 2026 — n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners (default runner mode), this could result in full compromise of the n8n host. On instances using external Task Runners, the attacker might gain access to or impact other task execut... • https://docs.n8n.io/hosting/configuration/task-runners • CWE-94: Improper Control of Generation of Code ('Code Injection') •
