CVE-2026-6224
Received Received - Intake
Sandbox Escape Vulnerability in nocobase plugin-workflow-javascript

Publication date: 2026-04-13

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6224
EUVD
EUVD-2026-22122
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nocobase plugin-workflow-javascript to 2.0.23 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-264 Permissions, Privileges, and Access Controls
CWE-265
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a security flaw found in the nocobase plugin-workflow-javascript up to version 2.0.23. It specifically affects the createSafeConsole function in the file Vm.js. The flaw causes a sandbox issue when manipulated, which means that an attacker can potentially escape or bypass the intended isolated environment.

The attack can be initiated remotely, and the exploit code has been publicly released, making it easier for attackers to use this vulnerability.

The vendor was informed early about this issue but did not respond.

Impact Analysis

This vulnerability can allow remote attackers to manipulate the sandbox environment, potentially leading to unauthorized code execution or access to restricted resources.

Because the exploit is publicly available, the risk of exploitation is higher, which could result in data breaches, system compromise, or other security incidents.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6224. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart