
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jan 2026 — Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. • https://github.com/agentfront/enclave/commit/ed8bc438b2cd6e6f0b5f2de321e5be6f0169b5a1 • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-693: Protection Mechanism Failure

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Jan 2026 — Sandbox escape in the Messaging System component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2005845 • CWE-284: Improper Access Control • CWE-693: Protection Mechanism Failure

CVSS: 10.0 • EPSS: 0% • CPEs: 10 • EXPL: 0

13 Jan 2026 — Sandbox escape due to integer overflow in the Graphics component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2005014 • CWE-190: Integer Overflow or Wraparound

CVSS: 10.0 • EPSS: 0% • CPEs: 10 • EXPL: 0

13 Jan 2026 — Sandbox escape due to incorrect boundary conditions in the Graphics component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2004602 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.0 • EPSS: 0% • CPEs: 10 • EXPL: 0

13 Jan 2026 — Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. • https://bugzilla.mozilla.org/show_bug.cgi?id=2003989 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2026 — This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MCP config objects. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escape the sandb...

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Dec 2025 — From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. • https://github.com/n8n-io/n8n/security/advisories/GHSA-62r4-hw23-cc8v • CWE-693: Protection Mechanism Failure

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Dec 2025 — Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2025 — MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0. • https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2025 — Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len without overflow checking. A large value_len (e.g., 0xFFFFFFF0) wraps the allocation size, causing a heap overflow when attacker data is copied into the undersized buffer. This allows sandboxed processes to execut... • https://github.com/sandboxie-plus/Sandboxie/commit/000492f8c411d24292f1b977a107994347bc7dfa • CWE-190: Integer Overflow or Wraparound