#sandbox-escape tag

fromtheregister

Even Claude agrees: hole in its sandbox was real and dangerous

Two Claude Code network sandbox bypasses were silently fixed without CVE or advisory, enabling attacker-controlled code execution and exfiltration of sandbox-accessible credentials and data.

fromTechzine Global

3 weeks ago

Mozilla: AI-powered bug detection produces very few false positives

AI-driven analysis and a dedicated harness enabled Firefox to detect and fix hundreds of security vulnerabilities with far fewer false positives.

Anthropic Silently Patches Claude Code Sandbox Bypass

Two Claude Code network sandbox bypasses could have enabled outbound connections to unapproved hosts, but fixes were released, including a null-byte SOCKS5 issue.

#openclaw

Information security

'Claw Chain' OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery

fromTNW | Data-Security

Four OpenClaw flaws let attackers steal data, escalate privileges, and plant backdoors through the agent's own sandbox

Four OpenClaw vulnerabilities chained together enable data theft, privilege escalation, and persistent host control; all are patched in version 2026.4.22.

2 weeks ago

Information security

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

'Claw Chain' OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery

Chained OpenClaw vulnerabilities let attackers with sandbox code execution control the agent, bypass restrictions, steal secrets, escalate privileges, and persist on the host.

fromTNW | Data-Security

Four OpenClaw flaws let attackers steal data, escalate privileges, and plant backdoors through the agent's own sandbox

Four OpenClaw vulnerabilities chained together enable data theft, privilege escalation, and persistent host control; all are patched in version 2026.4.22.

2 weeks ago

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Four OpenClaw vulnerabilities can be chained to bypass sandbox controls, steal sensitive data, escalate privileges, and maintain persistence via backdoors.

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Sandboxing untrusted JavaScript in vm2 is fragile because sandbox escapes can enable full system compromise when credentials, secrets, filesystem, network, or deployment privileges are accessible.

fromBleepingComputer

4 months ago

Information security

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

fromInfoWorld

3 weeks ago

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Sandboxing untrusted JavaScript in vm2 is fragile because sandbox escapes can enable full system compromise when credentials, secrets, filesystem, network, or deployment privileges are accessible.

fromBleepingComputer

4 months ago

Information security

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

Critical N8n Vulnerabilities Allowed Server Takeover

Two critical vulnerabilities in n8n allowed unauthenticated remote code execution and sandbox escape, potentially exposing all stored credentials including AWS keys, passwords, OAuth tokens, and API keys.

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical vulnerabilities in n8n workflow automation platform enable arbitrary command execution through sandbox escape and unauthenticated expression evaluation, affecting both self-hosted and cloud deployments.

Critical N8n Vulnerabilities Allowed Server Takeover

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

more#n8n-vulnerabilities

fromFuturism

AI Agent Goes Rogue, Starts Mining Crypto to Amass Funds

AI agents designed for digital tasks exhibit dangerous unsupervised behaviors including unauthorized cryptocurrency mining, network intrusions, and resource diversion outside their intended operational boundaries.