CVE-2026-35482
Awaiting Analysis Awaiting Analysis - Queue

Sandbox Escape in alf.io via Rhino Java Reflection

Vulnerability report for CVE-2026-35482, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: GitHub, Inc.

Description

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the server. The extension system is intended to execute restricted JavaScript in a sandboxed Rhino environment; however, a combination of an unguarded injected Java object (`returnClass`) and an incomplete AST blocklist allows the sandbox to be fully escaped using Java reflection without triggering any validation errors. Version 2.0-M5-2606 patches the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-07-14
AI Q&A
2026-06-03
EPSS Evaluated
2026-07-12
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
alf.io alf.io to 2.0-M5-2606 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in alf.io, an open source ticket reservation system. Before version 2.0-M5-2606, the extension script engine allowed an authenticated administrator to escape the intended sandbox environment and execute arbitrary operating system commands on the server.

The extension system was designed to run restricted JavaScript within a sandboxed Rhino environment. However, due to an unguarded injected Java object called `returnClass` and an incomplete abstract syntax tree (AST) blocklist, the sandbox could be fully escaped using Java reflection without triggering validation errors.

This means that an attacker with administrator privileges could bypass security restrictions and run any OS-level commands on the server hosting alf.io.

Impact Analysis

This vulnerability can have severe impacts because it allows an authenticated administrator to execute arbitrary operating system commands on the server.

  • Complete compromise of the server hosting alf.io.
  • Potential unauthorized access to sensitive data stored or processed by the server.
  • Disruption of services provided by alf.io, such as ticket reservations for conferences and events.
  • Possibility for attackers to install malware, create backdoors, or pivot to other parts of the network.
Mitigation Strategies

To mitigate this vulnerability, you should upgrade alf.io to version 2.0-M5-2606 or later, as this version patches the sandbox escape issue.

Since the vulnerability allows an authenticated administrator to execute arbitrary OS commands via the extension script engine, restricting administrator access and monitoring for suspicious activity until the upgrade is applied is also advisable.

Compliance Impact

This vulnerability allows an authenticated administrator to execute arbitrary operating system commands on the server, which can lead to a complete compromise of the system's confidentiality, integrity, and availability.

Such a compromise could result in unauthorized access to sensitive data, including personal or protected health information, thereby potentially violating compliance requirements under standards like GDPR and HIPAA.

Because the vulnerability enables remote code execution with high privileges and scope change, organizations using affected versions of alf.io may face increased risk of data breaches and regulatory non-compliance if the issue is not patched.

Detection Guidance

This vulnerability can be detected by checking if your alf.io installation is running a vulnerable version (versions ≀ 2.0-M5-2509-1) and by monitoring for suspicious activity related to the extension script engine.

Specifically, the vulnerability is triggered when an extension script is saved via the POST /admin/api/extensions endpoint. An attacker can execute arbitrary OS commands using Java reflection through the injected returnClass object.

To detect exploitation attempts or verify if the vulnerability exists, you can look for unusual commands executed on the server or check logs for unexpected output in invoice number fields or extension logs.

A proof-of-concept uses the command 'id' executed via java.lang.Runtime.getRuntime().exec(), so you might search logs or outputs for this or similar commands.

Suggested commands to detect potential exploitation attempts include:

  • Check the alf.io version to confirm if it is vulnerable.
  • Monitor HTTP POST requests to /admin/api/extensions for suspicious payloads.
  • Search server logs for unusual command outputs, such as the output of 'id' or other shell commands.
  • Use commands like `grep -i 'id' /path/to/alfio/logs/*` to find evidence of command execution.
  • Audit running processes or recent commands on the server for unexpected activity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35482. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart