Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Grist-Core sandbox escape fix (version 1.7.9)

Security Patch Release
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

Grist released version 1.7.9 to close a critical sandbox escape in Grist-Core, reducing the risk of remote code execution from a single malicious spreadsheet formula. The patch matters because it changes formula execution isolation by running Pyodide under Deno with a permission-based isolation layer.

Related Happenings

N8n 2.0.0 security patch release for CVE-2025-68668 and CVE-2025-68613

Security Patch Release
First: 06.01.2026 07:08 Last: 06.01.2026 07:08 Sources 1

About this happening: n8n's **version 2.0.0** closes **CVE-2025-68668** and reduces **host command-execution** risk for deployments using the **Python Code Node**. The release matters because affected...

Latest development: 11.03.2026 20:21

CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities (KEV) catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to patch n8n instances by March 25 under BOD 22-01. The n8n team had already addressed CVE-2025-68613 in December with n8n v1.122.0, and CISA also urged other network defenders to secure affected n8n systems against ongoing exploitation as soon as possible.

Open Happening

Timeline

  1. 27.01.2026 18:45 2 articles · 4mo ago

    Grist-Core sandbox escape disclosed and fixed in version 1.7.9

    Mitigation Patch Update

    Cyera Research Labs disclosed a critical sandbox escape in Grist-Core that allows remote code execution from a single malicious spreadsheet formula inside the Python formula execution layer and Pyodide WebAssembly sandbox. Grist fixed the issue in version 1.7.9 by running Pyodide under Deno by default and adding a permission-based isolation layer, with operators advised to upgrade promptly and avoid bypassing Deno.

    Show sources
    Open in new tab