Heym < 0.0.21 Sandbox Escape via Python Introspection_CVE-2026-45227

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.

Basic Information

ID CVE-2026-45227

Source VulnCheck

Published May 12, 2026 at 21:18

Affected Product

Vendor heymrun

Product heym

Affected Versions heymrun heym 0

CWE Classification

CWE-693

References

{
    "lastseen": "",
    "description": "Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.",
    "published": "2026-05-12T21:18:34.901Z",
    "modified": "2026-05-12T21:18:34.901Z",
    "type": "cve",
    "title": "Heym < 0.0.21 Sandbox Escape via Python Introspection",
    "source": "VulnCheck",
    "references": "https://github.com/heymrun/heym/releases/tag/v0.0.21\nhttps://github.com/heymrun/heym/pull/94\nhttps://github.com/heymrun/heym/commit/32b7e809d987d9b018ec8daa2cdaf48f627f26f1\nhttps://www.vulncheck.com/advisories/heym-sandbox-escape-via-python-introspection",
    "id": "CVE-2026-45227",
    "bulletinFamily": "",
    "cwe": [
        "CWE-693"
    ],
    "cvelist": null,
    "sourceData": "heymrun heym 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "heym",
    "version": "0",
    "vendor": "heymrun",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}