CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-26954 – SandboxJS has a Sandbox Escape
https://notcve.org/view.php?id=CVE-2026-26954
13 Mar 2026 — Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. • https://github.com/nyariv/SandboxJS/security/advisories/GHSA-6r9f-759j-hjgv • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-3924
https://notcve.org/view.php?id=CVE-2026-3924
11 Mar 2026 — Use after free in WindowDialog in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-3916
https://notcve.org/view.php?id=CVE-2026-3916
11 Mar 2026 — Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_10.html • CWE-125: Out-of-bounds Read •
CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-32128 – FastGPT Python Sandbox Bypass of File-Write Restriction
https://notcve.org/view.php?id=CVE-2026-32128
11 Mar 2026 — In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). ... After remapping, writing via sys.stdout.write() still satisfies the seccomp rule write(fd==1), enabling arbitrary file creation/overwrite inside the sandbox container despite the intended no file writes restriction. • https://github.com/labring/FastGPT/security/advisories/GHSA-6hw6-mxrm-v6wj • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 8.8 • EPSS: 0% • CPEs: - • EXPL: 0 • CVE-2026-32060 – OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths
https://notcve.org/view.php?id=CVE-2026-32060
11 Mar 2026 — When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files. • https://github.com/openclaw/openclaw/commit/5544646a09c0121fca7d7093812dc2de8437c7f1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-30957 – OneUptime Synthetic Monitor RCE via exposed Playwright browser object
https://notcve.org/view.php?id=CVE-2026-30957
10 Mar 2026 — It does not require a separate vm sandbox escape. • https://github.com/OneUptime/oneuptime/releases/tag/10.0.21 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-30921 – OneUptime Synthetic Monitor RCE via exposed Playwright browser object
https://notcve.org/view.php?id=CVE-2026-30921
09 Mar 2026 — This creates a distinct server-side RCE primitive: the attacker does not need the classic this.constructor.constructor(...) sandbox escape. • https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4j36-39gm-8vq8 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-30887 – OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
https://notcve.org/view.php?id=CVE-2026-30887
09 Mar 2026 — By leveraging a standard prototype-chain escape (this.constructor.constructor), an attacker can bypass the sandbox, gain access to the underlying Node.js process object, and execute arbitrary system commands (RCE) on the oneuptime-probe container. • https://github.com/OneUptime/oneuptime/security/advisories/GHSA-h343-gg57-2q67 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2026-3545
https://notcve.org/view.php?id=CVE-2026-3545
04 Mar 2026 — Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. • https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1 • CVE-2026-27952 – Agenta has Python Sandbox Escape, Leading to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2026-27952
26 Feb 2026 — In Agenta-API prior to version 0.48.1, a Python sandbox escape vulnerability existed in Agenta's custom code evaluator. ... This allowed authenticated users to bypass the sandbox and achieve arbitrary code execution on the API server. The escape path was through `numpy.ma.core.inspect`, which exposes Python's introspection utilities — including `sys.modules` — thereby providing access to unfiltered system-level functionality like `os.system`. ... The issue is fixed in v0.48.1 by ... • https://github.com/Agenta-AI/agenta/security/advisories/GHSA-pmgp-2m3v-34mq • CWE-94: Improper Control of Generation of Code ('Code Injection') •
