CVE-2026-34464
Received - Intake
Stack Buffer Overflow in Sandboxie-Plus

Publication date: 2026-05-05

Last updated on: 2026-05-06

Assigner: GitHub, Inc.

Description
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat without verifying null termination. The handler only enforces a minimum packet size, and since the service pipe accepts variable-length messages, a sandboxed caller can fill the server[48] field with non-zero data and append additional controlled wide characters after the structure. wcscat then reads past the fixed field and overflows the stack buffer in the SYSTEM service. This message is restricted to sandboxed callers, making it a sandbox escape vector. This can lead to a crash of the SbieSvc service or potential code execution as SYSTEM. This issue has been fixed in version 1.17.3.
Meta Information
Published: 2026-05-05
Last Modified: 2026-05-06
Generated: 2026-05-07
AI Q&A: 2026-05-05
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 4 associated CPEs

Vendor          Product         Version / Range
sandboxie-plus  sandboxie-plus  to 1.17.3 (exc)
sandboxie-plus  sandboxie-plus  1.17.3
sandboxie_plus  sandboxie       to 1.17.3 (inc)
sandboxie_plus  sandboxie       1.17.3
CWE ID Description
CWE-170 The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability can have serious impacts including crashing the Sandboxie service or enabling an attacker to execute arbitrary code with SYSTEM-level privileges.

Since the vulnerability allows sandbox escape, an attacker who is initially confined to a restricted environment can break out and gain full control over the system, potentially leading to local privilege escalation.

  • Service crashes causing denial of service.
  • Arbitrary code execution as SYSTEM user.
  • Sandbox escape allowing attackers to bypass security restrictions.
  • Local privilege escalation on affected systems.

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a stack-based buffer overflow in the Sandboxie LPC/ALPC service port, which is exposed with a NULL DACL and can be triggered by sending a malformed MSGID_NAMED_PIPE_OPEN message with an oversized server field.

Detection would involve monitoring or attempting to send crafted messages to the Sandboxie LPC/ALPC service port to identify if the service crashes or behaves unexpectedly.

Specific commands or tools to detect this vulnerability are not provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed in Sandboxie-Plus version 1.17.3.

Immediate mitigation steps include upgrading Sandboxie-Plus to version 1.17.3 or later.

Additional recommended fixes involve validating message sizes, enforcing explicit null terminators, using bounded string operations, and checking combined path lengths before construction.
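
The four checks listed above, applied to the server field, as an added example (this is not Sandboxie-Plus code and not the 1.17.3 patch). Only server[48] and pipename[160] come from the description; the struct layout, the 16-bit wch type, the backslash prefix, the error codes and the assumption that the request has a fixed size are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint16_t wch;      /* stand-in for a 16-bit Windows WCHAR */
#define SERVER_CCH   48    /* server[48], per the description */
#define PIPENAME_CCH 160   /* pipename[160], per the description */

/* Simplified, assumed layout: only the server[48] size comes from the page. */
typedef struct { uint32_t length, msgid; wch server[SERVER_CCH]; } open_req;
enum { REQ_OK = 0, REQ_BAD_SIZE = -1, REQ_NO_TERMINATOR = -2, REQ_TOO_LONG = -3 };

/* Builds prefix + server in out[out_cch] without reading past the fixed field. */
int build_pipe_name(const void *msg, size_t msg_len, const wch *prefix,
                    size_t prefix_cch, wch *out, size_t out_cch) {
    open_req req;
    size_t n = 0;
    if (msg_len != sizeof req)            /* exact size, not only a minimum */
        return REQ_BAD_SIZE;
    memcpy(&req, msg, sizeof req);        /* work on a private, fixed-size copy */
    while (n < SERVER_CCH && req.server[n] != 0)
        n++;                              /* bounded scan for the terminator */
    if (n == SERVER_CCH)                  /* field is all non-zero: reject */
        return REQ_NO_TERMINATOR;
    if (prefix_cch + n + 1 > out_cch)     /* combined length incl. terminator */
        return REQ_TOO_LONG;
    memcpy(out, prefix, prefix_cch * sizeof(wch));
    memcpy(out + prefix_cch, req.server, n * sizeof(wch));
    out[prefix_cch + n] = 0;
    return REQ_OK;
}

/* Constructed inputs: `filled` non-zero chars in server, `extra` trailing bytes,
   and a hypothetical prefix of `prefix_cch` backslashes. */
int check_constructed(size_t filled, size_t extra, size_t prefix_cch) {
    unsigned char msg[sizeof(open_req) + 256] = {0};
    wch prefix[PIPENAME_CCH], out[PIPENAME_CCH];
    open_req req = {0};
    size_t i;
    if (filled > SERVER_CCH || extra > 256 || prefix_cch > PIPENAME_CCH)
        return REQ_BAD_SIZE;
    for (i = 0; i < filled; i++) req.server[i] = 'A';
    for (i = 0; i < prefix_cch; i++) prefix[i] = '\\';
    memcpy(msg, &req, sizeof req);
    memset(msg + sizeof req, 'B', extra);
    return build_pipe_name(msg, sizeof req + extra, prefix, prefix_cch,
                           out, PIPENAME_CCH);
}
```

A request whose server field has no terminator, or that carries bytes after the structure, is rejected before any concatenation happens, so the destination length is always known in advance.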


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.


Can you explain this vulnerability to me?

CVE-2026-34464 is a high-severity stack-based buffer overflow vulnerability in Sandboxie-Plus, a sandboxing software for Windows. The issue occurs in the NamedPipeServer::OpenHandler function, which copies a server field from a message structure into a fixed-size stack buffer without properly verifying null termination or length. This allows a sandboxed attacker to send a specially crafted message with an oversized server field, causing the buffer to overflow.

Because the service pipe accepts variable-length messages and only enforces a minimum packet size, an attacker can append controlled data beyond the expected field size. This leads to a stack buffer overflow in the SYSTEM service, which can cause the service to crash or potentially allow the attacker to execute arbitrary code with SYSTEM privileges.

This vulnerability effectively allows a sandbox escape, meaning code running in a restricted sandbox environment can break out and gain higher privileges on the system.

