CVE-2026-34464

Exploit

EPSS 0.17%
Veröffentlicht 05.05.2026 20:16:37
Zuletzt bearbeitet 07.05.2026 19:46:41
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Sandboxie-Plus NamedPipeServer OpenHandler stack overflow via unterminated server field

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat without verifying null termination. The handler only enforces a minimum packet size, and since the service pipe accepts variable-length messages, a sandboxed caller can fill the server[48] field with non-zero data and append additional controlled wide characters after the structure. wcscat then reads past the fixed field and overflows the stack buffer in the SYSTEM service. This message is restricted to sandboxed callers, making it a sandbox escape vector. This can lead to a crash of the SbieSvc service or potential code execution as SYSTEM. This issue has been fixed in version 1.17.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sandboxie-plus ≫ Sandboxie SwEditionplus Version < 1.17.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.07

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
security-advisories@github.com	8.8	0	0	CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-170 Improper Null Termination

The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-cf8x-f33g-vwfg

Vendor Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-34464

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-34464

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-34464

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-34464