Sandbox-based Isolation Vulnerability in Sandboxie-Plus Software by Sandboxie
CVE-2026-45313
7.7HIGH
What is CVE-2026-45313?
Sandboxie-Plus, an open-source sandboxing tool for Windows, contains a vulnerability where the GuiServer component improperly handles attacker-supplied thread and process identifiers. Specifically, it allows the execution of arbitrary code from a sandboxed process within an unsandboxed host, due to a lack of proper validation for the thread context and the function pointer's address space during GUI_WND_HOOK_REGISTER requests. This significant flaw has been addressed in version 1.17.6, urging users to upgrade promptly to maintain system security.
Affected Version(s)
Sandboxie < 1.17.6
