CVE-2026-45313
Received Received - Intake

Sandbox Escape via Arbitrary Code Execution in Sandboxie-Plus

Vulnerability report for CVE-2026-45313, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: GitHub, Inc.

Description

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. Prior to 1.17.6, GuiServer::WndHookRegisterSlave in Sandboxie/core/svc/GuiServer.cpp stores attacker-supplied hthread and hproc fields from a GUI_WND_HOOK_REGISTER request without validating that the thread belongs to the sandboxed process or that the function pointer is in the caller address space, and GuiServer::WndHookNotifySlave then calls OpenThread(THREAD_SET_CONTEXT, FALSE, whk->hthread) and QueueUserAPC((PAPCFUNC)whk->hproc, hThread, (ULONG_PTR)req->threadid) as SYSTEM, allowing a sandboxed process to execute arbitrary code in an unsandboxed host process. This issue is fixed in version 1.17.6.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sandboxie-plus sandboxie_plus 1.17.6

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Sandboxie-Plus before version 1.17.6 allows a sandboxed process to execute arbitrary code in an unsandboxed host process. The issue occurs because the GuiServer component does not validate thread ownership or function pointer addresses before using them, enabling a sandbox escape.

Impact Analysis

If exploited, this vulnerability could allow malicious code running in a sandboxed process to break out and execute with SYSTEM privileges on the host system. This could lead to full system compromise, data theft, or further malware installation.

Compliance Impact

This vulnerability could violate compliance requirements that mandate strong isolation and access controls, such as GDPR's data protection principles or HIPAA's security rules. A successful exploit may result in unauthorized access to sensitive data, triggering regulatory penalties.

Detection Guidance

This vulnerability can be detected by checking the installed version of Sandboxie-Plus. If the version is below 1.17.6, the system is vulnerable. No specific commands are provided in the context to detect exploitation attempts.

Mitigation Strategies

Immediately update Sandboxie-Plus to version 1.17.6 or later to address the vulnerability. Avoid running untrusted applications in the sandbox until the update is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45313. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart