Grist-Core, an open-source, self-hosted version of the Grist relational spreadsheet database, has been found to have a serious security flaw that could lead to remote code execution. Cyera Research Labs has codenamed the vulnerability Cellbreak. It is tracked as CVE-2026-24002 (CVSS score: 9.1).
"One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead," stated Vladimir Tokarev, a security researcher who found the vulnerability. "This sandbox escape collapses the distinction between 'cell logic' and host execution by allowing a formula author to run host-runtime JavaScript or execute OS commands." Cellbreak is classified as a Pyodide sandbox escape case, which is the same type of vulnerability that recently affected n8n (CVE-2025-68668, CVSS score: 9.9, aka N8scape).
Version 1.7.9, released on January 9, 2026, fixes the vulnerability. The project maintainers stated: "A security review found a vulnerability in the 'pyodide' sandboxing method that is available in Grist. In the sandboxing area of your instance's admin panel, you can determine whether you are impacted. You are unaffected if you see 'gvisor' there. It's crucial to update to this or a later version of Grist if you see 'pyodide.'"
In short, the issue stems from Grist's Python formula execution, which runs untrusted formulas inside Pyodide, a Python distribution that runs regular Python code directly in a web browser inside a WebAssembly (WASM) sandbox.
Although the goal of this methodology is to guarantee that Python formula code is executed in a secure environment, Grist's use of a blocklist-style approach allows for escape from the sandbox and, eventually, command execution on the underlying host. "The sandbox's design allows traversal through Python's class hierarchy and leaves ctypes available, which together open access to Emscripten runtime functions that should never be reachable from a formula cell," Tokarev clarified.
"With useful results like filesystem access and secret exposure, that combination enables host command execution and JavaScript execution in the host runtime." Grist claims that if a user opens a malicious document with GRIST_SANDBOX_FLAVOR set to Pyodide, the document could be used to launch arbitrary processes on the server that hosts Grist. Equipped with the ability to run commands or JavaScript using a formula, an attacker can use this behavior to read sensitive files, gain access to database credentials and API keys, and create opportunities for lateral movement.
In order to solve the issue, Grist has moved Pyodide formula execution under the Deno JavaScript runtime by default.
It's important to note, however, that the risk reappears if an operator explicitly sets GRIST_PYODIDE_SKIP_DENO to the value "1"; that setting should be avoided wherever untrusted or semi-trusted formulas are likely to be run. To reduce exposure, users are advised to update to the most recent version as soon as possible. As a temporary mitigation, it is recommended to set the GRIST_SANDBOX_FLAVOR environment variable to "gvisor".
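The exposure conditions above (the pyodide flavor on a version before 1.7.9, or the Deno wrapper switched off with GRIST_PYODIDE_SKIP_DENO=1 on a fixed version) can be checked mechanically against a deployment's environment. The following audit helper is an added example, not code from Grist or from the researchers; it assumes only the variable names and the fixed version quoted in the article, and the environment dictionary it reads is constructed inline.

```python
"""Audit a self-hosted Grist deployment's environment for the CVE-2026-24002
(Cellbreak) exposure conditions: 'pyodide' sandbox flavor below 1.7.9, or the
Deno wrapper disabled on a fixed version. Added example, not Grist's own code."""
import re

FIXED_VERSION = (1, 7, 9)  # first release carrying the fix, per the advisory


def parse_version(s: str) -> tuple:
    """Turn '1.7.9' or 'v1.7.10' into a comparable tuple of ints."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    return tuple(int(x) for x in m.groups())


def assess(env: dict, version: str) -> dict:
    """Classify exposure from environment variables and the running Grist version.

    Returns {'status': 'not-affected' | 'vulnerable' | 'at-risk' | 'unknown',
             'findings': [human-readable lines]}.
    """
    findings = []
    flavor = env.get("GRIST_SANDBOX_FLAVOR", "").strip().lower()
    skip_deno = env.get("GRIST_PYODIDE_SKIP_DENO", "").strip() == "1"
    ver = parse_version(version)

    if not flavor:  # variable unset: the page gives no default, so do not guess
        findings.append("GRIST_SANDBOX_FLAVOR unset: confirm the flavor in the admin panel's sandboxing area")
        return {"status": "unknown", "findings": findings}
    if flavor != "pyodide":
        findings.append(f"sandbox flavor {flavor!r} is not pyodide: Cellbreak does not apply")
        return {"status": "not-affected", "findings": findings}
    if ver < FIXED_VERSION:
        findings.append(f"pyodide sandbox on Grist {version}: update to 1.7.9 or later")
        findings.append("interim mitigation: set GRIST_SANDBOX_FLAVOR=gvisor")
        return {"status": "vulnerable", "findings": findings}
    if skip_deno:
        findings.append("GRIST_PYODIDE_SKIP_DENO=1 disables the Deno wrapper the fix relies on; "
                        "unset it where untrusted formulas may run")
        return {"status": "at-risk", "findings": findings}
    findings.append(f"pyodide sandbox under Deno on Grist {version}: fixed configuration")
    return {"status": "not-affected", "findings": findings}


if __name__ == "__main__":
    # Constructed sample environment for a deployment that opted out of Deno.
    sample_env = {"GRIST_SANDBOX_FLAVOR": "pyodide", "GRIST_PYODIDE_SKIP_DENO": "1"}
    for line in assess(sample_env, "1.7.9")["findings"]:
        print(line)
```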
"When its sandbox fails, a single execution surface with privileged access can collapse organizational trust boundaries, mirroring the systemic risk found in other automation platforms," Tokarev stated.
One escape can transform "data logic" into "host execution" when formula execution depends on a permissive sandbox. The Grist-Core results demonstrate why sandboxing should be defense-in-depth and capability-based rather than a brittle blocklist. The cost of failure is a data-plane breach rather than merely a bug.