Tag
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
1 rule, 1 TTP
A critical command injection vulnerability exists in the `npm:praisonai` package versions >= 1.2.3 and <= 1.7.1, where the `SandboxExecutor`'s `allowedCommands` policy is bypassed by allowing arbitrary shell command chaining after an allowlisted command, leading to remote code execution with the PraisonAI process privileges.
Twig Sandbox Bypass via Object Destructuring Assignment (CVE-2026-46639)
1 rule, 1 TTP
A vulnerability in Twig versions 3.24.0 to 3.26.0 (CVE-2026-46639) allows an attacker with write access to a sandboxed Twig template to bypass security policy restrictions by exploiting object-destructuring assignment to read any public property or invoke any public getter on objects passed to the template engine.
OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input
3 rules, 1 TTP
A sandbox bypass vulnerability exists due to the `dangerouslyDisableSandbox` parameter being exposed as part of the BashTool input schema, allowing an untrusted LLM to bypass the sandbox for any command and achieve host-level code execution due to the default `allowUnsandboxedCommands: true` setting.
JetBrains YouTrack RCE via Sandbox Bypass (CVE-2026-33392)
2 rules, 1 TTP, 1 CVE
A high-privileged user can achieve remote code execution via sandbox bypass in JetBrains YouTrack before version 2025.3.131383, identified as CVE-2026-33392, potentially leading to complete system compromise.
Vim Modeline Sandbox Bypass Vulnerability (CVE-2026-34982)
3 rules, 1 TTP, 1 CVE, 1 IOC
A critical vulnerability in Vim versions prior to 9.2.0276 allows arbitrary OS command execution via a crafted file that bypasses the modeline sandbox due to missing security checks, potentially leading to code execution.
OpenClaw Sandbox Bypass via Heartbeat Context Inheritance
2 rules
A critical vulnerability in the openclaw npm package (<=2026.3.28) allows a heartbeat context inheritance to bypass the sandbox via senderIsOwner escalation, patched in version 2026.3.31.