Tag: Sandbox Escape

Mozilla Crushes 50+ Vulnerabilities in Massive Firefox 148 Security Overhaul
In the latest iteration of the Firefox browser, developers have mitigated dozens of critical vulnerabilities, many of which facilitated the unauthorized execution of arbitrary code on victim systems. The transition to version 148 represents one of the most substantial security overhauls in recent history, given the sheer volume of rectified flaws. The Mozilla Foundation reported…

Sandbox Shattered: New n8n Critical Flaw CVE-2026-25049 Exposes AI Workflows to Full Takeover
The n8n workflow automation platform is once again embroiled in a significant security crisis. In a recently published advisory, the developers disclosed a critical vulnerability that, if successfully weaponized, permits the execution of arbitrary system commands on the host server. This defect, designated as CVE-2026-25049 with a formidable CVSS score of 9.4, fundamentally represents a…

The Async Escape: Critical 9.8 Flaw in vm2 Turns JavaScript Sandboxes Into Open Gateways
A critical sandbox escape vulnerability has been unearthed within the vm2 library—a utility frequently employed as a JavaScript sandbox for the execution of untrusted code within Node.js. This flaw, designated as CVE-2026-22709 with a formidable CVSS score of 9.8, permits an adversary to orchestrate Remote Code Execution (RCE) on the host system, effectively transmuting a…

Automation or Infiltration? The JFrog Discoveries Breaking n8n’s Security Sandboxes
A team of cybersecurity experts has unearthed two critically severe vulnerabilities within the n8n workflow automation platform. Both flaws permit authenticated users to execute arbitrary code on the target system, potentially facilitating a comprehensive takeover of the entire platform. The flaws were identified by researchers at JFrog. The first, designated as CVE-2026-1470 with a near-perfect…

Automation Crisis: Critical 9.9 CVSS Flaw Exposes 103K n8n Instances to Full Takeover
A critical vulnerability in the globally used workflow automation platform n8n allows attackers to execute arbitrary code remotely. Tracked as CVE-2025-68613, the flaw carries an exceptionally high CVSS score of 9.9 out of 10. Under certain conditions, it enables full system compromise, including access to sensitive data and the ability to alter existing workflows or…

Emergency Chrome Update: Google Patches Actively Exploited Zero-Day Allowing Sandbox Escape
Google has released an emergency update for its Chrome browser, addressing six security vulnerabilities—one of which is already being actively exploited in the wild. The flaws affect critical components related to Chrome’s graphics engine and pose a significant threat by enabling potential escape from the browser’s sandboxing mechanism, which is designed to isolate Chrome processes…