Home

Description

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.

PUBLISHED Reserved 2026-05-11 | Published 2026-05-12 | Updated 2026-05-14 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Protection Mechanism Failure

Product status

Default status
affected

Any version before 0.0.21
affected

32b7e809d987d9b018ec8daa2cdaf48f627f26f1 (git)
unaffected

Credits

Chia Min Jun Lennon finder

References

github.com/heymrun/heym/pull/94 exploit

github.com/heymrun/heym/releases/tag/v0.0.21 release-notes

github.com/heymrun/heym/pull/94 issue-tracking

github.com/...ommit/32b7e809d987d9b018ec8daa2cdaf48f627f26f1 patch

www.vulncheck.com/...sandbox-escape-via-python-introspection third-party-advisory

cve.org (CVE-2026-45227)

nvd.nist.gov (CVE-2026-45227)

Download JSON