CVE-2026-32603
Analyzed Analyzed - Analysis Complete
Denial of Service in Sandboxie Kernel Driver

Publication date: 2026-05-05

Last updated on: 2026-05-07

Assigner: GitHub, Inc.

Description
Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the \Device\SandboxieDriverApi driver, triggering an immediate kernel crash (BSOD). The vulnerability affects the Standard Sandbox configuration both with and without dropped administrator privileges, but does not affect the Security Hardened Sandbox configuration. This issue has been fixed in version 1.17.3. Users who cannot update can use the Security Hardened Sandbox configuration as a workaround.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32603
EUVD
EUVD-2026-27436
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sandboxie-plus sandboxie to 1.17.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability manifests as an immediate kernel crash (Blue Screen of Death) with the error "ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY" when a malformed IOCTL is sent to the Sandboxie kernel driver.

Detection involves monitoring for unexpected BSODs related to Sandboxie, especially those triggered by sandboxed processes.

Since the issue is triggered by a malformed IOCTL to the \Device\SandboxieDriverApi driver, you can check for unusual IOCTL calls or kernel crashes in system logs.

No specific commands are provided in the available resources to detect this vulnerability directly.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-32603 is a local denial-of-service vulnerability in the Sandboxie kernel driver affecting versions 1.17.2 and earlier. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL request to the SandboxieDriverApi driver, which triggers an immediate kernel crash resulting in a Blue Screen of Death (BSOD). This vulnerability affects the Standard Sandbox configuration regardless of whether administrator privileges are dropped, but it does not affect the Security Hardened Sandbox configuration.

Impact Analysis

This vulnerability can cause the entire host operating system to crash and become unresponsive, leading to a denial of service. Since it can be triggered by any sandboxed malware or unprivileged user without requiring administrator privileges, it poses a risk of unexpected system downtime and potential data loss.

Mitigation Strategies

The primary mitigation is to update Sandboxie to version 1.17.3 or later, where this vulnerability has been fixed.

If updating is not immediately possible, users can switch to the Security Hardened Sandbox configuration, which is not affected by this vulnerability.

Avoid running untrusted or unprivileged processes inside the Standard Sandbox configuration until the update or workaround is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32603. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart