A critical vulnerability has been unearthed in NocoBase, the AI-powered platform designed for infinite extensibility. The flaw, tracked as CVE-2026-34156, carries a maximum CVSS score of 10, indicating the highest possible level of risk to organizations utilizing the software.
The vulnerability resides within NocoBase’s Workflow Script Node, a feature that allows users to execute JavaScript within what was supposed to be a secure Node.js vm sandbox. While the platform attempted to restrict users with a custom module allowlist, it made a fatal error: it passed the host’s console object directly into the sandbox.
By doing so, the platform inadvertently exposed sensitive host-realm stream objects—specifically console._stdout and console._stderr. An authenticated attacker can leverage these objects to traverse the prototype chain, eventually reaching the host-realm Function constructor.
Once the attacker accesses the host-realm constructor, the sandbox effectively vanishes. The exploit chain allows for unrestricted module loading, culminating in Remote Code Execution (RCE) as root. The impact of this breach is total:
- Root Access: Attackers gain uid=0 privileges inside the Docker container.
- Credential Theft: Sensitive environment variables, including DB_PASSWORD and INIT_ROOT_PASSWORD, can be siphoned directly from process.env.
- File System Control: Using require('fs'), attackers can perform arbitrary file reads and writes.
- Network Lateral Movement: The breach confirms the ability to establish reverse shells and use outbound network access to move laterally through an organization’s internal infrastructure.
NocoBase has moved to address this vulnerability by releasing a patch. Developers and system administrators must update to version 2.0.28 immediately to mitigate this threat. All versions 2.0.27 and below are currently considered vulnerable.
Beyond updating, the security community recommends several hardened architecture changes:
- Replace the VM Module: Swap the standard Node.js vm module for isolated-vm to achieve true V8 isolate separation.
- Proxy the Console: Never pass the host’s console object into a sandbox; instead, create a clean, isolated proxy.
- Principle of Least Privilege: Ensure applications run as non-root users within Docker containers to limit the “blast radius” of a successful escape.