LeakyCreds

CVE-2026-34156 - Vulnerability Analysis

Severity: Critical (CVSS 9.9)

Last Updated: April 1, 2026

NocoBase - Sandbox Escape to Remote Code Execution

Published: March 31, 2026. Remotely exploitable.

Overview

NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js `vm` context with a custom `require` allowlist. The `vm` module is not a security boundary: objects handed into the context from the host (here the host `console` object) keep their host-realm prototype chain, so a script can walk `constructor` references up to the host `Function` constructor and compile code in the host realm, where `process` and the host's module loader are reachable; the `require` allowlist is never consulted on that path. An authenticated user who can submit a script to the node, through the /api/flow_nodes:test endpoint, therefore obtains remote code execution, and because the Docker deployment runs the application as root, that execution is as root.

Severity & Score

Severity: Critical
CVSS Score: 9.9
EPSS Score: 5.76% probability of exploitation in the next 30 days. The original page renders this as 576.2%, which cannot be a probability; the 6 April SecDB post further down lists this CVE at 5.19%, consistent with a raw score of about 0.0576 displayed with a misplaced decimal.

Mitigation

  • Upgrade to NocoBase 2.0.28 or later, which contains the fix.
  • Vendor side: replace the Node.js `vm` module with isolated-vm, which runs scripts in a separate V8 isolate with no shared object graph. `vm` contexts share the host heap and are documented by Node.js as not being a security mechanism.
  • Do not pass host objects such as `console` into the script context; every host object or function carries a reference to the host `Function` constructor through its prototype chain.
  • Run the application as a non-root user inside the Docker image, so that a successful escape does not yield a root shell.
  • Restrict /api/flow_nodes:test to admin-only roles, so that unprivileged authenticated accounts cannot submit scripts to the node at all.

Social Media Activity(1 post)

ZEN SecDB (@secdb)
Apr 6, 2026

📈 CVE Published in last 7 days (2026-03-30 - 2026-04-06). See more at https://secdb.nttzen.cloud/dashboard
Total CVEs: 1282
Severity:
  • Critical: 134
  • High: 375
  • Medium: 561
  • Low: 63
  • None: 149
Status:
  • (blank): 54
  • Analyzed: 257
  • Awaiting Analysis: 410
  • Modified: 9
  • Received: 265
  • Rejected: 7
  • Undergoing Analysis: 280
Top CNAs:
  • GitHub, Inc.: 374
  • VulDB: 165
  • VulnCheck: 147
  • MITRE: 109
  • kernel.org: 91
  • N/A: 54
  • Wordfence: 43
  • Chrome: 21
  • IBM Corporation: 17
  • Cisco Systems, Inc.: 16
Top Affected Products:
  • UNKNOWN: 933
  • Endian Firewall: 30
  • Openclaw: 24
  • Google Chrome: 21
  • Seppmail Secure Email Gateway: 14
  • Apple Macos: 13
  • Wwbn Avideo: 13
  • Ahsanriaz26gmailcom Sales And Inventory System: 11
  • Xenforo: 10
  • Parseplatform Parse-server: 9
Top EPSS Score:
  • CVE-2026-4257 - 15.83 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4257)
  • CVE-2026-34156 - 5.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34156)
  • CVE-2026-4020 - 4.49 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4020)
  • CVE-2026-5281 - 3.03 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5281)
  • CVE-2026-5176 - 2.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5176)
  • CVE-2026-34453 - 2.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-34453)
  • CVE-2026-5102 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5102)
  • CVE-2026-5103 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5103)
  • CVE-2026-5104 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5104)
  • CVE-2026-5105 - 1.63 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-5105)


Details

CVE ID: CVE-2026-34156
Severity: Critical
CVSS Score: 9.9
Type: sandbox_escape
Status: unconfirmed
EPSS: 5.76% (the original page shows 576.2%, a display error; a probability cannot exceed 100%)
Nuclei: Available
Social Posts: 1

CWE

  • CWE-913: Improper Control of Dynamically-Managed Code Resources

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Network-reachable, low attack complexity, low privileges required (any authenticated account that can reach the script node), no user interaction, changed scope (the script context is escaped into the host Node.js process and, as root, the container), and high impact on confidentiality, integrity and availability; these metrics produce the 9.9 base score.

EPSS Score

5.76% probability of exploitation in the next 30 days. The original page renders this as 576.2%, which is not a valid probability; the 6 April SecDB post above lists this CVE at 5.19%, consistent with a raw score of about 0.0576 displayed with a misplaced decimal.

Nuclei Template

A Nuclei detection template is available for this CVE.