Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

sandboxie-plus — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting sandboxie-plus. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Sandboxie-plus provides isolated environments for running untrusted applications to prevent system-wide damage. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with 17 CVEs documented. The application's security model relies on process confinement and resource restriction, though its complexity has introduced flaws. Notable incidents include multiple escape vulnerabilities that could allow sandboxed processes to access host resources, highlighting challenges in maintaining isolation boundaries. Despite these issues, the tool remains relevant for threat containment, with ongoing updates addressing discovered weaknesses.

Top products by sandboxie-plus: Sandboxie Sandboxie Plus
CVE IDTitleCVSSSeverityPublished
CVE-2026-34596 Sandboxie-Plus local privilege escalation via TOCTOU race condition in UpdUtil addon installation — SandboxieCWE-367--2026-05-05
CVE-2026-34527 Sandboxie-Plus EditPassword hash entropy reduced from 160 bits to 80 bits due to incorrect nibble extraction — SandboxieCWE-328--2026-05-05
CVE-2026-34464 Sandboxie-Plus NamedPipeServer OpenHandler stack overflow via unterminated server field — SandboxieCWE-121--2026-05-05
CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy — SandboxieCWE-121--2026-05-05
CVE-2026-34461 Sandboxie-Plus SbieIniServer RunSbieCtrl stack buffer overflow allows local privilege escalation — SandboxieCWE-121--2026-05-05
CVE-2026-34459 Sandboxie-Plus sandbox escape via uninitialized memory leak and stack overflow in GetRawInputDeviceInfoSlave — SandboxieCWE-121--2026-05-05
CVE-2026-34458 Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly — SandboxieCWE-93--2026-05-05
CVE-2026-32603 Sandboxie kernel driver denial of service via malformed IOCTL from sandboxed process — SandboxieCWE-20--2026-05-05
CVE-2021-47883 Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path — Sandboxie PlusCWE-428 7.8 High2026-01-21
CVE-2021-47831 Sandboxie 5.49.7 - Denial of Service — SandboxieCWE-1284 7.5 High2026-01-16
CVE-2025-64721 Sandboxie's Integer Overflow in SbieIniServer::RC4Crypt allows sandbox escape and SYSTEM compromise — SandboxieCWE-190 7.8AIHighAI2025-12-11
CVE-2025-54422 Sandboxie exposes encrypted sandbox key during password change — SandboxieCWE-312 6.5AIMediumAI2025-07-29
CVE-2025-46716 Sandboxie Arbitrary Kernel Read in SbieDrv.sys API (API_SET_SECURE_PARAM) — SandboxieCWE-125 5.5 Medium2025-05-22
CVE-2025-46715 Sandboxie Arbitrary Kernel Write in SbieDrv.sys API (API_GET_SECURE_PARAM) — SandboxieCWE-787 7.8 High2025-05-22
CVE-2025-46714 Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_GET_SECURE_PARAM) — SandboxieCWE-120 7.8 High2025-05-22
CVE-2025-46713 Sandboxie has Pool Buffer Overflow in SbieDrv.sys API (API_SET_SECURE_PARAM) — SandboxieCWE-120 7.8 High2025-05-22
CVE-2024-49360 Path traversal in Sandboxie — SandboxieCWE-22 9.2 Critical2024-11-29

This page lists every published CVE security advisory associated with sandboxie-plus. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.