Sandboxie-Plus Sandboxie vulnerabilities
18 known vulnerabilities affecting sandboxie-plus/sandboxie.
Total CVEs: 18
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 11, MEDIUM 5
Vulnerabilities
CVE-2025-64721 | P2 | CRITICAL | CVSS 10.0 | CWE-190 | affected ≥ 1.14.0, < 1.16.7 | fixed in 1.16.7 | 2025-12-11
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len without overflow checking. A large value_len (e.g.
Source: NVD

CVE-2026-34458 | P3 | HIGH | CVSS 8.8 | CWE-93 | fixed in 1.17.3 | 2026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions (EditAdminOnly and ConfigPassword) and inject arbitrary directives into the global Sandboxie.ini configuration file. The background service skip
Source: NVD

CVE-2026-34459 | P3 | HIGH | CVSS 8.8 | CWE-121 | fixed in 1.17.3 | 2026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieSvc proxy service's GetRawInputDeviceInfoSlave handler contains two vulnerabilities that can be chained for sandbox escape. First, when a sandboxed process sends an IPC request with cbSize set to 0, up to 32KB of uninitialized stack m
Source: NVD

CVE-2026-34464 | P3 | HIGH | CVSS 8.8 | CWE-121 | fixed in 1.17.3 | 2026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fixed WCHAR pipename[160] stack buffer using wcscat without verifying null termination. The handler only enforces a minimum packet size, and since the servic
Source: NVD

CVE-2024-49360 | P3 | HIGH | CVSS 8.4 | CWE-22 | fixed in 1.14.6, fixed in 5.69.6, +1 more | 2024-11-29
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outsid
Source: NVD

CVE-2018-18748 | P3 | CRITICAL | CVSS 10.0 | v5.26 | 2018-10-29
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality.
Source: NVD

CVE-2026-34462 | P3 | HIGH | CVSS 7.8 | CWE-121 | fixed in 1.17.3 | 2026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy without verifying null termination. Because the servi
Source: NVD

CVE-2025-46715 | P3 | HIGH | CVSS 7.8 | CWE-787 | affected ≥ 1.3.0, < 1.15.12 | 2025-05-22
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the SBIE reg
Source: NVD

CVE-2025-46714 | P3 | HIGH | CVSS 7.8 | CWE-120 | affected ≥ 1.3.0, < 1.15.12 | 2025-05-22
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then an extremely large copy into the small allocation. Version 1.15.12 fixes the issue.
Source: NVD

CVE-2026-34461 | P3 | HIGH | CVSS 7.8 | CWE-121 | fixed in 1.17.3 | 2026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_INI_RUN_SBIE_CTRL message is handled before normal sandbox and impersonation checks, and for non-sandboxed callers, the handler copies the trailing message
Source: NVD

CVE-2025-46713 | P3 | HIGH | CVSS 7.8 | CWE-120 | affected ≥ 0.1, < 1.15.12 (also listed as ≥ 0.0.1, < 1.15.12) | 2025-05-22
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that would lead to a smaller allocation than requested, and a buffer overflow. Version 1.15.12 fixes the i
Source: NVD

CVE-2026-34596 | P3 | HIGH | CVSS 7.0 | CWE-367 | fixed in 1.17.3 | 2026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by SbieSvc but stages files in the user-writable %TEMP%\san
Source: NVD

CVE-2021-47831 | P4 | HIGH | CVSS 7.5 | CWE-1284 | v5.49.7 | 2026-01-16
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.
Source: NVD

CVE-2025-46716 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | affected ≥ 1.3.0, < 1.15.12 | 2025-05-22
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, whic
Source: NVD

CVE-2025-54422 | P4 | MEDIUM | CVSS 5.5 | CWE-312 | fixed in 1.16.2 | 2025-07-29
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory, exposing them to potential interception. The vulnerabili
Source: NVD

CVE-2026-32603 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | fixed in 1.17.3 | 2026-05-05
Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the \Device\SandboxieDriverApi driver, triggering an immediate kernel crash (BS
Source: NVD

CVE-2026-34527 | P4 | MEDIUM | CVSS 5.3 | CWE-328 | fixed in 1.17.3 | 2026-05-05
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high nibble of each byte is shifted right by 8 instead of 4, which always produces zero for an 8-bit value. As a result, the stored EditPassword hash only p
Source: NVD

CVE-2019-25551 | P4 | MEDIUM | CVSS 5.5 | CWE-1282 | v5.30 | 2026-03-21
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application cras
Source: NVD