Grist-Core Cellbreak sandbox escape (CVE-2026-24002)

Vulnerability
H score 24
2 unique sources, 2 articles

Summary

A critical Grist-Core vulnerability, CVE-2026-24002 (Cellbreak), can let malicious spreadsheet formulas trigger remote code execution on self-hosted instances. The flaw abuses the Pyodide sandbox used for formula execution and can break out to OS commands or host-runtime JavaScript. Grist addressed the issue in version 1.7.9 and recommends updating to 1.7.9 or later. Operators who still rely on the vulnerable path can temporarily reduce risk by setting GRIST_SANDBOX_FLAVOR to gvisor.

Timeline

  1. 27.01.2026 12:36 · 1 article

    Grist-Core 1.7.9 addresses Cellbreak sandbox escape

    Mitigation Patch Update

    Grist released version 1.7.9 on January 9, 2026 to address CVE-2026-24002 by moving Pyodide formula execution under the Deno JavaScript runtime by default. The maintainers also warned that setting GRIST_PYODIDE_SKIP_DENO=1 or relying on Pyodide for untrusted formulas can reintroduce the sandbox-escape risk, and they advised GRIST_SANDBOX_FLAVOR=gvisor as a temporary control.

  2. 27.01.2026 12:36 · 2 articles

    Grist-Core Cellbreak vulnerability is disclosed

    Initial Disclosure

    A critical security flaw in Grist-Core, tracked as CVE-2026-24002 and codenamed Cellbreak, was disclosed on January 27, 2026 as a Pyodide sandbox escape that can let a malicious document with spreadsheet formulas run arbitrary commands or host-runtime JavaScript on a self-hosted Grist server. Grist maintainers said affected instances should update to version 1.7.9 or later, and operators can temporarily reduce risk by setting GRIST_SANDBOX_FLAVOR to gvisor.
