#sandbox-escape
5 articles
Between late April and mid-May 2026, five sandbox-escape vulnerabilities were documented, led by CVE-2026-8954 and CVE-2026-8959, both carrying a CVSS score of 9.6. Additional critical flaws included CVE-2026-5752 (CVSS 9.3), while CVE-2026-8573 and CVE-2026-8577 were rated high at 8.8. The technology, artificial intelligence, financial services, and government sectors were most affected globally, with three critical and two high-severity CVEs in the mix.
[CRITICAL] CVE-2026-8959: Firefox Sandbox Escape via Win32 Boundary Flaw
CVE-2026-8959 (CVSS 9.6) allows sandbox escape through incorrect boundary conditions in Firefox's Widget:Win32 component. Fixed in Firefox 151, ESR 140.11, and Thunderbird 151.
[HIGH] Chrome 148.0.7778.168 Patches Integer Overflows, Sandbox Escape Risk
CVE-2026-8573 (CVSS 8.3) and CVE-2026-8577 (CVSS 8.8) in Chrome 148 on Windows allow sandbox escape and RCE via crafted video or HTML pages. Update now.
[CRITICAL] Angular Expressions Sandbox Escape CVE-2026-44643 Allows RCE
CVE-2026-44643 in Angular Expressions <1.5.2 lets attackers escape the sandbox via malicious filter expressions to execute arbitrary code on the system.
[HIGH] Google Project Zero Details macOS coreaudiod Exploit Chain
Google Project Zero published exploit details for CVE-2024-54529, a type confusion in macOS coreaudiod allowing sandbox escape via knowledge-driven fuzzing.
[CRITICAL] Cohere AI Terrarium Sandbox Flaw Allows Root Code Execution
CVE-2026-5752 (CVSS 9.3) in Cohere AI's Terrarium sandbox enables root-level code execution and container escape via JavaScript prototype chain traversal.