Sandbox-based Isolation Vulnerability in Sandboxie-Plus Software by Sandboxie
CVE-2026-45313

7.7HIGH

Key Information:

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-45313?

Sandboxie-Plus, an open-source sandboxing tool for Windows, contains a vulnerability where the GuiServer component improperly handles attacker-supplied thread and process identifiers. Specifically, it allows the execution of arbitrary code from a sandboxed process within an unsandboxed host, due to a lack of proper validation for the thread context and the function pointer's address space during GUI_WND_HOOK_REGISTER requests. This significant flaw has been addressed in version 1.17.6, urging users to upgrade promptly to maintain system security.

Affected Version(s)

Sandboxie < 1.17.6

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.