A critical sandbox escape vulnerability in Grist-Core has been fixed after being responsibly disclosed by Cyera Research Labs. Tracked as GHSA-7xvx-8pf2-pv5g with a CVSS score of 9.1, the vulnerability allows attackers to execute code remotely using malicious spreadsheet formulas that bypass the platform's Pyodide WebAssembly sandbox.
Deployment Risk and Attack Surface

Grist-Core is a relational spreadsheet platform that helps teams create lightweight applications, model business data, and use Python formulas to automate workflows. With access to customer records, operational metrics, and integration credentials, the platform functions as a vital data hub in both SaaS and self-hosted configurations. The platform serves more than 1,000 organizations in various industry verticals and is used by government agencies, including public education institutions in France.
A successful sandbox escape in SaaS deployments results in remote code execution in the vendor-run control plane, which handles the workflows of several tenants and may expose credentials, data access paths, and downstream systems linked to the Grist environment.

Advisory ID            CVSS Score   Attack Vector    Patch Version   Release Date
GHSA-7xvx-8pf2-pv5g    9.1          Network (AV:N)   Grist 1.7.9     January 20, 2026

Cyera Research Labs found three different ways to get around Grist's blocklist-style sandbox implementation:

Python Class Hierarchy Traversal exploits warnings.catch_warnings to reach the full builtins, enabling direct import of the os module and execution of os.system() commands. While Pyodide restricts top-level builtins, Python's object model provides alternate paths to the original builtins object.

Direct C Library Access takes advantage of ctypes being available inside the sandbox: CDLL(None) loads the symbols exported by the Emscripten runtime process, and CDLL(None).system() resolves libc's system() function from them.

Emscripten Runtime Manipulation is the most potent vector: it uses emscripten_run_script_string() to run JavaScript in the host runtime, giving access to process.env and require('child_process') for full host compromise.

On January 20, 2026, Grist released version 1.7.9, which by default moves Pyodide formula execution under Deno.
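For defenders triaging existing documents after the upgrade, the three bypass families above reduce to a small set of identifiers that should rarely, if ever, appear in a legitimate spreadsheet formula. The following audit script is an added example written for this article, not code from Grist or from Cyera Research Labs; the family names, the pattern lists and the sample formulas are this example's own constructions. It is a string-matching heuristic, so it shares the weakness of any blocklist (obfuscated formulas can evade it) and is meant for triage alongside the 1.7.9 upgrade, not as a replacement for it.

```python
import re

# Identifier patterns grouped by the three bypass classes described in the
# advisory write-up. Family names and the grouping are this example's own.
SUSPICIOUS_PATTERNS = {
    "class_hierarchy_traversal": [
        r"\bcatch_warnings\b",   # warnings.catch_warnings used to reach builtins
        r"\b__builtins__\b",
        r"\b__import__\b",
        r"\bos\.system\b",
    ],
    "direct_c_library_access": [
        r"\bctypes\b",           # ctypes available inside the sandbox
        r"\bCDLL\b",             # CDLL(None) resolves runtime-exported symbols
    ],
    "emscripten_runtime_manipulation": [
        r"\bemscripten_run_script(?:_string)?\b",   # JavaScript in the host runtime
    ],
}


def audit_formula(formula: str) -> list[str]:
    """Return the names of every pattern family found in one formula body."""
    hits = []
    for family, patterns in SUSPICIOUS_PATTERNS.items():
        if any(re.search(pattern, formula) for pattern in patterns):
            hits.append(family)
    return hits


def audit_document(formulas: dict[str, str]) -> dict[str, list[str]]:
    """Audit a mapping of column label -> formula text; keep only flagged columns."""
    report = {}
    for column, body in formulas.items():
        hits = audit_formula(body)
        if hits:
            report[column] = hits
    return report


# Constructed sample formulas (not taken from any real Grist document).
# The first two are benign; the last three each reference one bypass family.
SAMPLE_FORMULAS = {
    "Total": "$Price * $Quantity",
    "Note": "'no warnings here'",
    "Col_A": "import warnings\nwarnings.catch_warnings()",
    "Col_B": "import ctypes\nctypes.CDLL(None)",
    "Col_C": "emscripten_run_script_string('1')",
}

if __name__ == "__main__":
    for column, families in audit_document(SAMPLE_FORMULAS).items():
        print(f"{column}: {', '.join(families)}")
```

In a self-hosted deployment the formula bodies would be pulled from the document's column metadata rather than from the constructed dictionary above; the audit functions themselves do not care where the text came from.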
This architectural modification prevents the demonstrated escape primitives from achieving dependable host-level command execution by introducing a permission-based mediation layer that restricts sensitive capabilities unless specifically granted.
Grist users should update to version 1.7.9 right away and make sure the GRIST_PYODIDE_SKIP_DENO flag is not enabled, because that configuration circumvents the Deno protection and reintroduces the vulnerability. In collaborative settings, formula execution should be treated as a privileged capability with limited access. By switching from blocklist-based sandbox restrictions to a principled capability-based model that significantly reduces the attack surface for formula-based exploitation, the patch represents a significant security improvement.
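Both remediation conditions named above (running 1.7.9 or later, and not having GRIST_PYODIDE_SKIP_DENO enabled) are easy to check mechanically. The script below is an added example for this article, not Grist's own tooling; it assumes the flag is read like a typical boolean environment variable (anything other than an empty, "0", "false", "no" or "off" value counts as enabled), and it assumes the caller supplies the running Grist version string, since the example does not know how a given deployment exposes it.

```python
import os
import re
from typing import Optional

PATCHED_VERSION = (1, 7, 9)                 # first release that moves Pyodide under Deno
SKIP_DENO_FLAG = "GRIST_PYODIDE_SKIP_DENO"  # the flag that bypasses the Deno layer

# Assumption for this example: the flag behaves like a typical boolean
# environment variable, so any value outside this set is treated as "enabled".
FALSY_VALUES = {"", "0", "false", "no", "off"}


def parse_version(text: str) -> tuple:
    """Turn '1.7.9' (or 'v1.7.9', '1.7.9-rc1') into a comparable tuple of ints."""
    match = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def flag_enabled(value: Optional[str]) -> bool:
    """True when the flag is set to something that would disable Deno mediation."""
    return value is not None and value.strip().lower() not in FALSY_VALUES


def assess_deployment(version: str, env: dict) -> list:
    """Return a list of findings; an empty list means both conditions are satisfied."""
    findings = []
    if parse_version(version) < PATCHED_VERSION:
        findings.append(
            f"Grist {version} predates 1.7.9; upgrade to get Deno-mediated formula execution"
        )
    if flag_enabled(env.get(SKIP_DENO_FLAG)):
        findings.append(
            f"{SKIP_DENO_FLAG}={env[SKIP_DENO_FLAG]!r} bypasses Deno and reintroduces the escape"
        )
    return findings


if __name__ == "__main__":
    # Constructed inputs covering the combinations an operator is likely to meet.
    for version, env in [
        ("1.7.8", {}),
        ("1.7.9", {SKIP_DENO_FLAG: "1"}),
        ("1.7.9", {SKIP_DENO_FLAG: "false"}),
        ("1.7.9", {}),
    ]:
        print(version, env, assess_deployment(version, env) or ["ok"])

    # Live check of the flag in the current process environment; the version
    # is assumed to be supplied by the operator (placeholder value here).
    print("live flag check:", assess_deployment("1.7.9", dict(os.environ)) or ["ok"])
```

Run it from the same environment the Grist server starts in so the live check sees the same variables the server would; a process manager or container that injects the flag separately will not be visible to a shell run elsewhere.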