CVE-2026-6878
Sandbox Escape Vulnerability in ByteDance verl math_equal Function
Publication date: 2026-04-23
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bytedance | verl | up to 0.7.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-265 | |
| CWE-264 | Permissions, Privileges, and Access Controls |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in ByteDance verl up to version 0.7.0, specifically in the function math_equal within the file prime_math/grader.py. The issue involves manipulation that leads to a sandbox escape or sandbox issue, meaning an attacker could potentially break out of restricted execution environments.
The attack can be initiated remotely, but its complexity is rated high and it is considered difficult to exploit. Despite this, a public exploit is available.
The vendor was contacted early about this vulnerability but did not respond.
How can this vulnerability impact me?
The vulnerability can allow an attacker to escape the sandbox environment remotely, potentially leading to unauthorized access or execution of code outside the intended restricted environment.
Because the exploit is publicly available, there is a risk that attackers could use it to compromise systems running the affected ByteDance verl versions.
However, the attack complexity is high and exploitation is difficult, which may reduce the likelihood of successful exploitation.