Share
## https://sploitus.com/exploit?id=92F10C51-99EC-5FAC-AF95-11D0B6BFF73A
# CVE-2026-34156 โ€“ NocoBase Sandbox Escape (RCE)

[![CVE-2026-34156](https://img.shields.io/badge/CVE-2026--34156-critical?style=flat&logo=common-vulnerabilities-and-exposures)](https://vulners.com/cve/CVE-2026-34156)
[![CVSS](https://img.shields.io/badge/CVSS-8.8%20(High)-orange)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
[![NocoBase](https://img.shields.io/badge/NocoBase-2.0.26-blue)](https://docs.nocobase.com/)

**Authenticated Remote Code Execution** in NocoBase versions **โ‰ค 2.0.26** via workflow sandbox escape.

## ๐Ÿ“‹ Description

CVE-2026-34156 is a sandbox escape vulnerability in the NocoBase workflow engine. An authenticated attacker can create a malicious workflow that bypasses the expression sandbox and executes arbitrary system commands on the underlying server.

- **Attack Vector** โ€“ Authenticated HTTP requests to the NocoBase API
- **Privileges Required** โ€“ Low (any valid user with workflow creation rights)
- **Impact** โ€“ Full RCE (container escape possible if running as root)

## ๐Ÿ”ง Installation

Clone the repository and install dependencies:

```bash
git clone https://github.com/0xBlackash/CVE-2026-34156.git
cd CVE-2026-34156
pip3 install requests