## https://sploitus.com/exploit?id=92F10C51-99EC-5FAC-AF95-11D0B6BFF73A
# CVE-2026-34156 โ NocoBase Sandbox Escape (RCE)
[](https://vulners.com/cve/CVE-2026-34156)
[-orange)](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
[](https://docs.nocobase.com/)
**Authenticated Remote Code Execution** in NocoBase versions **โค 2.0.26** via workflow sandbox escape.
## ๐ Description
CVE-2026-34156 is a sandbox escape vulnerability in the NocoBase workflow engine. An authenticated attacker can create a malicious workflow that bypasses the expression sandbox and executes arbitrary system commands on the underlying server.
- **Attack Vector** โ Authenticated HTTP requests to the NocoBase API
- **Privileges Required** โ Low (any valid user with workflow creation rights)
- **Impact** โ Full RCE (container escape possible if running as root)
## ๐ง Installation
Clone the repository and install dependencies:
```bash
git clone https://github.com/0xBlackash/CVE-2026-34156.git
cd CVE-2026-34156
pip3 install requests