
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical security flaw has been disclosed in Grist-Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could lead to remote code execution.

The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs.

“One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” security researcher Vladimir Tokarev, who discovered the flaw, said. “This sandbox escape lets a formula author execute OS commands or run host-runtime JavaScript, collapsing the boundary between ‘cell logic’ and host execution.”


Cellbreak is categorized as a case of Pyodide sandbox escape, the same kind of vulnerability that also recently impacted n8n (CVE-2025-68668, CVSS score: 9.9, aka N8scape). The vulnerability has been addressed in version 1.7.9, released on January 9, 2026.

“A security assessment identified a vulnerability in the ‘pyodide’ sandboxing method that is available in Grist,” the project maintainers said. “You can check if you are affected in the sandboxing section of the Admin Panel of your instance. If you see ‘gvisor’ there, then you are not affected. If you see ‘pyodide,’ then it is important to update to this version of Grist or later.”


In a nutshell, the problem is rooted in Grist’s Python formula execution, which allows untrusted formulas to be run inside Pyodide, a Python distribution that enables regular Python code to be executed directly in a web browser within the confines of a WebAssembly (WASM) sandbox.

While the idea behind this design is to ensure that Python formula code runs in an isolated environment, the fact that Grist uses a blocklist-style approach makes it possible to escape the sandbox and ultimately achieve command execution on the underlying host.

“The sandbox’s design allows traversal through Python’s class hierarchy and leaves ctypes available, which together open access to Emscripten runtime functions that should never be reachable from a formula cell,” Tokarev explained. “That combination allows host command execution and JavaScript execution in the host runtime, with practical outcomes like filesystem access and secret exposure.”

According to Grist, when a user has set GRIST_SANDBOX_FLAVOR to Pyodide and opens a malicious document, that document could be used to run arbitrary processes on the server hosting Grist. Armed with this capability to execute commands or JavaScript via a formula, an attacker can leverage this behavior to access database credentials and API keys, read sensitive information, and create lateral movement opportunities.


Grist has addressed the problem by moving Pyodide formula execution under the Deno JavaScript runtime by default. However, it’s worth noting that the risk rears its head once again if an operator explicitly chooses to set GRIST_PYODIDE_SKIP_DENO to the value “1.” The setting should be avoided in scenarios where untrusted or semi-trusted formulas are likely to be run.


Users are recommended to update to the latest version as soon as possible to mitigate potential risks. To temporarily mitigate the issue, it is advised to set the GRIST_SANDBOX_FLAVOR environment variable to “gvisor.”
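The guidance above (sandbox flavor, fixed version 1.7.9, and the GRIST_PYODIDE_SKIP_DENO override) can be turned into a quick deployment audit. This is an added example, not code from Grist or from the researchers; the function names and the sample env file are hypothetical, and the running version is assumed to be supplied by the operator.

```python
import re

FIXED_VERSION = (1, 7, 9)  # first fixed release named in the article

def parse_env(text):
    """Parse KEY=VALUE lines (docker --env-file style); skip blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("\"'")
    return env

def parse_version(version):
    """Turn '1.7.9' or 'v1.7.10' into a comparable tuple of three ints."""
    parts = re.findall(r"\d+", version)[:3]
    return tuple(int(p) for p in parts) + (0,) * (3 - len(parts))

def assess(env, version):
    """Return (status, reason) for one instance, following the article's guidance."""
    flavor = env.get("GRIST_SANDBOX_FLAVOR", "").lower()
    patched = parse_version(version) >= FIXED_VERSION
    if flavor == "gvisor":
        return ("not_affected", "gvisor sandbox in use")
    if flavor == "pyodide":
        if not patched:
            return ("vulnerable", "pyodide sandbox on a release before 1.7.9")
        if env.get("GRIST_PYODIDE_SKIP_DENO") == "1":
            return ("at_risk", "GRIST_PYODIDE_SKIP_DENO=1 reintroduces the risk")
        return ("patched", "pyodide formulas run under Deno by default")
    # The article does not cover an unset or different value: defer to the Admin Panel.
    return ("check_admin_panel", "confirm the active sandbox in the Admin Panel")

# Constructed sample env file, not taken from a real deployment.
SAMPLE_ENV = """
GRIST_SANDBOX_FLAVOR=pyodide
GRIST_PYODIDE_SKIP_DENO=1
"""

if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    for ver in ("1.7.8", "1.7.9"):
        print(ver, assess(env, ver))
```
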

“This mirrors the systemic risk found in other automation platforms: a single execution surface with privileged access can collapse organizational trust boundaries when its sandbox fails,” Tokarev said.

“When formula execution relies on a permissive sandbox, a single escape can turn ‘data logic’ into ‘host execution.’ The Grist-Core findings show why sandboxing needs to be capability-based and defense-in-depth, not a fragile blocklist. The cost of failure is not just a bug – it is a data-plane breach.”
