Buffer Overflow in Sandboxie-Plus Affects Windows Process Isolation
CVE-2026-34462

7.3 HIGH

Key Information:

CVE Published: 5 May 2026

What is CVE-2026-34462?

Sandboxie-Plus for Windows, in versions 1.17.2 and earlier, mishandles input buffers in the ProcessServer component of the SbieSvc service. Request handlers such as KillAllHandler and RunSandboxedHandler use wcscpy to copy strings taken from incoming requests into fixed-size stack buffers. wcscpy copies until it finds a NUL terminator and knows nothing about the size of its destination, and these handlers do not verify that the incoming string is terminated within the received packet or that it fits in the buffer. Because the service's pipe accepts variable-length packets, a local client that can reach the pipe can send an over-long or unterminated string and overflow the stack buffer. The consequences range from a crash of SbieSvc (denial of service) to code execution in the service at SYSTEM level. The issue is fixed in version 1.17.3; upgrade to that release or later.
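To make the failure mode concrete, the following is an added C example and not Sandboxie-Plus code: a stand-in handler built on the same wcscpy-into-stack-buffer pattern the description names, beside a bounded copy that treats the number of bytes actually read from the pipe as the only trustworthy length and rejects strings that are unterminated or too long. All function and type names, the 16-character buffer size and the sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Outcome of copying a string out of a pipe packet. */
enum copy_status {
    COPY_OK = 0,
    COPY_BAD_PACKET,    /* NULL pointer or byte count not a whole number of wchar_t */
    COPY_UNTERMINATED,  /* no L'\0' inside the bytes actually received */
    COPY_TOO_LONG       /* terminated, but would not fit in the destination */
};

/* Hypothetical stand-in for the vulnerable pattern: the payload is copied with
 * wcscpy into a fixed-size stack buffer. wcscpy stops only at a NUL and knows
 * nothing about the destination size, so an over-long or unterminated payload
 * writes past `path`. Kept for contrast; in this file it is only ever called
 * with a short, terminated literal. */
void handler_unsafe(const wchar_t *payload)
{
    wchar_t path[16];
    wcscpy(path, payload);          /* no destination bound, no terminator check */
    (void)path;
}

/* Bounded copy. `packet_len` must be the byte count the service actually read
 * from the pipe, never a length field supplied by the client. The copy succeeds
 * only if a NUL terminator lies inside those bytes and the string, including
 * its terminator, fits in dst. On failure dst is left untouched. */
enum copy_status copy_wstr_from_packet(wchar_t *dst, size_t dst_count,
                                       const void *packet, size_t packet_len)
{
    if (dst == NULL || dst_count == 0 || packet == NULL)
        return COPY_BAD_PACKET;
    if (packet_len % sizeof(wchar_t) != 0)       /* torn or truncated packet */
        return COPY_BAD_PACKET;

    const wchar_t *src = packet;                 /* receive buffer is wchar_t-aligned */
    size_t max_chars = packet_len / sizeof(wchar_t);
    size_t n = 0;
    while (n < max_chars && src[n] != L'\0')     /* bounded scan, unlike wcslen */
        n++;
    if (n == max_chars)
        return COPY_UNTERMINATED;
    if (n >= dst_count)                          /* n + 1 slots needed */
        return COPY_TOO_LONG;

    memcpy(dst, src, (n + 1) * sizeof(wchar_t)); /* includes the terminator */
    return COPY_OK;
}

/* Hypothetical hardened handler: same 16-character stack buffer as the unsafe
 * version, but a malformed packet is rejected instead of overflowing it. */
enum copy_status handler_hardened(const void *packet, size_t packet_len)
{
    wchar_t path[16];
    enum copy_status st = copy_wstr_from_packet(path, sizeof path / sizeof path[0],
                                                packet, packet_len);
    if (st != COPY_OK)
        return st;
    /* ... act on `path` here ... */
    return COPY_OK;
}

/* Constructed sample packets (not captured traffic). Each returns what the
 * hardened handler does with it. */
enum copy_status demo_good(void)
{
    static const wchar_t p[] = L"C:\\Sandbox\\a";   /* 12 chars + NUL, fits in 16 */
    return handler_hardened(p, sizeof p);
}

enum copy_status demo_too_long(void)
{
    static const wchar_t p[] = L"0123456789abcdef0123456789abcdef"; /* 32 chars + NUL */
    return handler_hardened(p, sizeof p);
}

enum copy_status demo_unterminated(void)
{
    static const wchar_t p[4] = { L'a', L'b', L'c', L'd' };   /* no NUL anywhere */
    return handler_hardened(p, sizeof p);
}

enum copy_status demo_odd_length(void)
{
    static const wchar_t p[] = L"ab";
    return handler_hardened(p, sizeof p - 1);    /* byte count not a whole wchar_t */
}

/* A successful copy must preserve the string exactly. */
int demo_roundtrip(void)
{
    wchar_t buf[8];
    static const wchar_t p[] = L"abc";
    return copy_wstr_from_packet(buf, 8, p, sizeof p) == COPY_OK && wcscmp(buf, L"abc") == 0;
}

int main(void)
{
    handler_unsafe(L"ok");   /* short and terminated: the unsafe pattern survives by luck */
    printf("good=%d too_long=%d unterminated=%d odd=%d roundtrip=%d\n",
           demo_good(), demo_too_long(), demo_unterminated(), demo_odd_length(),
           demo_roundtrip());
    return 0;
}
```

The design point is that the receive side already knows exactly how many bytes arrived; any length the client writes into the packet is attacker input, so the terminator scan and the fit check are both bounded by that received count and by the destination size, never by a wcslen over the payload.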

Affected Version(s)

Sandboxie-Plus < 1.17.3 (1.17.2 and earlier)

CVSS v4.0

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability reserved
  • Vulnerability published: 5 May 2026