For years, security professionals and everyday tech users alike have relied on Sandboxie as a bulletproof glass enclosure: a secure operating environment where untrusted applications can be detonated without permanently modifying local drives or the Windows registry. However, that glass has just been shattered.
Security researchers have disclosed two catastrophic vulnerabilities in the Sandboxie architecture. These flaws do not just bypass the software’s protections; they weaponize the sandbox itself, granting attackers a direct, silent path to total system takeover.
The first, and arguably most alarming, vulnerability (CVE-2026-34459) is a combination of an uninitialized memory leak and a stack buffer overflow residing in the SbieSvc proxy service.
When handling specific Inter-Process Communication (IPC) messages, a malicious sandboxed process can send an artificially inflated request that tricks the proxy server into dumping up to 32KB of its uninitialized stack memory back to the untrusted client. This is a severe architectural failure.
As the advisory states, “This massive memory dump reliably exposes return addresses (bypassing ASLR) and residual stack cookies (bypassing /GS).”
Armed with this leaked memory map, the attacker can then trigger the second phase of the attack: sending an oversized payload that perfectly restores the stack cookie while overwriting the saved return address with a malicious Return-Oriented Programming (ROP) chain.
“A sandbox escape without user interaction and privilege escalation to SYSTEM without UAC, even in Security Hardened sandboxes, represents the most severe kind of vulnerability that can affect the software,” the advisory warns.
Note on Modern Hardware Defenses: While environments utilizing Intel’s Control-flow Enforcement Technology (CET) can block the execution of the ROP chain, the 32KB memory leak remains fully exploitable, providing advanced threat actors with the necessary memory primitives to potentially engineer a CET bypass.
The second flaw, tracked as CVE-2026-34458, is an INI injection vulnerability that allows any unauthenticated or standard local user to entirely bypass rigorous configuration restrictions, such as EditAdminOnly and ConfigPassword.
The flaw exists within how Sandboxie-Plus handles background service IPC messages. To allow standard users to manage their own settings without requiring administrative rights, the software skips authorization checks if a setting begins with UserSettings_. However, the functions responsible for adding or setting these configurations completely fail to sanitize the input for carriage return and line feed (CRLF) characters.
By injecting CRLF (\r\n) sequences, an attacker can manipulate the Sandboxie.ini file parsing. The advisory highlights the critical failure point: “Because the input was not sanitized, an attacker can supply a payload containing a new section header, entirely breaking out of the restricted [UserSettings_…] block.”
Upon the next configuration reload, the software parses this newly injected section, allowing the attacker to define an entirely unrestricted, malicious sandbox environment. This grants a trivial escape route leading straight to arbitrary file writes and full SYSTEM privilege escalation.
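The defensive check the UserSettings_ shortcut needs is shown below as an added example: it models the authorization rule in Python and rejects any field containing CR or LF before it reaches the INI file. This is not Sandboxie's own code, and the section and key names are assumptions for illustration.

```python
import re
from typing import Dict

# Added example modelling the authorization rule described above; it is not
# Sandboxie's own code, and the section and key names used are assumptions.
USER_PREFIX = "UserSettings_"
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")


def parse_ini(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI parser returning {section: {key: value}}."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def validate_user_setting(section: str, key: str, value: str) -> None:
    """The admin-rights shortcut for UserSettings_ sections is only safe if
    no field can carry a line break: a CR or LF would let the caller append
    text that the parser reads as a new section header or a foreign key."""
    if not section.startswith(USER_PREFIX):
        raise PermissionError("admin rights required outside UserSettings_")
    for name, text in (("section", section), ("key", key), ("value", value)):
        if "\r" in text or "\n" in text:
            raise ValueError(f"{name} contains CR/LF")
    if "]" in section or "=" in key or "[" in key:
        raise ValueError("INI syntax characters in section or key name")


def set_user_setting(ini_text: str, section: str, key: str, value: str) -> str:
    """Validate, then append key=value under the caller's UserSettings_ section."""
    validate_user_setting(section, key, value)
    return ini_text.rstrip("\r\n") + f"\r\n[{section}]\r\n{key}={value}\r\n"
```

Running parse_ini over the file after every write and comparing the set of sections against the expected list is a cheap way to spot an injected section regardless of which path wrote it.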
Any compromised process running inside the sandbox can leverage these exploit chains to break out and completely compromise the host operating system.
Sandboxie versions 1.17.2 and older are vulnerable. All users and enterprise administrators must immediately patch their deployments to version 1.17.3, which addresses both critical flaws.