CVE ID: CVE-2026-24002
Severity: Critical
CVSS v3.1 Score: 9.0
Attack Vector: Network
Privileges Required: None
User Interaction: Indirect (opening or processing a malicious spreadsheet)
Impact: Full server compromise (Confidentiality, Integrity, Availability)
Technical Overview
Grist is a collaborative spreadsheet platform that supports advanced formulas written in Python. To safely evaluate untrusted Python expressions submitted by users, Grist relies on sandboxing mechanisms. One of the supported sandbox execution modes uses Pyodide, a Python runtime compiled to WebAssembly, executed inside a Node.js environment.
In vulnerable configurations, the Pyodide sandbox was assumed to provide sufficient isolation between user-supplied Python code and the underlying operating system. However, when Pyodide is executed within Node.js without a hardened isolation boundary, the sandbox trust model breaks down. As a result, malicious Python expressions embedded in spreadsheet formulas can escape the intended execution context and interact directly with the host environment.
This vulnerability represents a sandbox escape, not a parsing or injection flaw. Once the sandbox boundary is bypassed, the attacker effectively gains the same execution context as the Grist server process itself.
Root Cause Analysis
The vulnerability stems from unsafe assumptions about WebAssembly isolation when Pyodide is embedded in Node.js:
- Pyodide executes Python code via WebAssembly.
- In browser contexts, Pyodide benefits from strong sandboxing enforced by the browser.
- In Node.js, Pyodide relies on the host runtime for isolation.
- Certain JavaScript bridging mechanisms, object references, or runtime bindings allow access paths that were not fully restricted.
- This allows Python code to indirectly interact with Node.js APIs or underlying system calls.
Once access to Node.js internals is achieved, the attacker can:
- Spawn child processes
- Execute shell commands
- Read/write files
- Open network sockets
At that point, the spreadsheet evaluation engine becomes a remote command execution engine.
Exploitation Flow
- A malicious spreadsheet document is created.
- Python formulas are embedded that are crafted to abuse Pyodide’s execution context.
- The document is uploaded to, imported into, or opened by a Grist instance.
- Grist evaluates the formulas using the Pyodide sandbox flavor.
- The Python code escapes sandbox confinement.
- Arbitrary system-level commands are executed under the Grist service identity.
No authentication bypass or memory corruption is required. The exploit relies entirely on logic flaws in sandbox isolation.
Attack Surface and Preconditions
This vulnerability is exploitable only when all of the following conditions are met:
- Grist is configured with GRIST_SANDBOX_FLAVOR=pyodide
- Python formulas are enabled
- An attacker can cause a malicious document to be evaluated
- The Grist process has OS-level permissions (default service permissions are sufficient)
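The first precondition is the one an operator can verify without touching the application: is the deployment actually running the Pyodide flavor? The following Python is an added example for that check, not code from Grist or from the advisory. It scans plain .env files and the environment: section of a docker-compose file as text; the sample files, the regular expression and the finding strings are constructed for illustration.

```python
"""Audit deployment config files for the vulnerable Grist sandbox flavor.

Added example, not code from Grist or from the original advisory. The
inputs below are constructed; the parser is a text scan and does not
evaluate ${VAR} interpolation or the environment of a running process.
"""
import re

KEY = "GRIST_SANDBOX_FLAVOR"
VULNERABLE_FLAVOR = "pyodide"

# Matches "KEY=value", "export KEY=value", "- KEY=value" (compose list form)
# and "KEY: value" (compose mapping form), with optional quotes around value.
_ASSIGN = re.compile(
    r'^\s*(?:-\s*)?(?:export\s+)?' + KEY + r'\s*[=:]\s*["\']?([^"\'#\s]*)["\']?'
)


def sandbox_flavor(text):
    """Return the last GRIST_SANDBOX_FLAVOR value set in text, or None."""
    value = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank or commented-out line
        m = _ASSIGN.match(line)
        if m:
            # Last assignment wins, as in .env semantics; "KEY=" counts as unset.
            value = m.group(1).lower() or None
    return value


def audit(files):
    """files: dict of file name -> contents. Returns dict name -> finding."""
    findings = {}
    for name, text in files.items():
        flavor = sandbox_flavor(text)
        if flavor == VULNERABLE_FLAVOR:
            findings[name] = "VULNERABLE: " + KEY + "=" + flavor
        elif flavor is None:
            findings[name] = "not set (Grist default applies; verify the running process environment)"
        else:
            findings[name] = "ok: " + KEY + "=" + flavor
    return findings


# Constructed sample inputs, not real deployment files.
SAMPLE_FILES = {
    "grist.env": 'PORT=8484\nexport GRIST_SANDBOX_FLAVOR="Pyodide"  # set for testing\n',
    "docker-compose.yml": (
        "services:\n  grist:\n    image: gristlabs/grist\n    environment:\n"
        "      - GRIST_SANDBOX_FLAVOR=pyodide\n"
    ),
    "commented.env": "# GRIST_SANDBOX_FLAVOR=pyodide\nPORT=8484\n",
}


def run_sample():
    return audit(SAMPLE_FILES)


if __name__ == "__main__":
    for name, finding in run_sample().items():
        print(name + ": " + finding)
```

A file that never sets the variable is reported as "not set" rather than "ok" on purpose: the effective flavor then comes from the image or process environment, so the check should be repeated against the running container (for example the process's environment block) before concluding the deployment is outside the vulnerable configuration.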
This makes the vulnerability particularly dangerous in:
- Multi-tenant Grist environments
- Public-facing Grist instances
- Internal Grist deployments that accept spreadsheets from untrusted users
Potential Post-Exploitation Impact
Once code execution is achieved, the following actions become possible:
- Credential theft (environment variables, API keys, database passwords)
- Data exfiltration (spreadsheets, attachments, user data)
- Persistence mechanisms (cron jobs, startup scripts, backdoors)
- Lateral movement to connected services
- Deployment of ransomware or cryptominers
- Full denial of service by crashing or encrypting the host
Because the attack runs under the Grist service account, blast radius depends on how securely the service was deployed.
Proof-of-Concept and Exploit Availability
Public discussion and vulnerability analysis describe the sandbox escape mechanism in enough detail for a knowledgeable attacker to reproduce it. No fully weaponized exploit framework is broadly distributed, but exploitation does not require advanced techniques such as memory corruption or heap spraying.
For educational and defensive research purposes, the vulnerability can be demonstrated by observing unauthorized process execution triggered solely by spreadsheet formula evaluation. This confirms that the sandbox boundary is ineffective in the vulnerable configuration.
Organizations should assume that exploitation is feasible in real-world conditions.
Detection Strategy
Primary Detection Objective
Identify unexpected OS-level behavior originating from the Grist service or Node.js runtime.
Key Log Sources to Monitor
- Operating System Process Logs
  - Linux: auditd execve records
  - Windows: Sysmon Event ID 1
  - Container runtime process events
- Grist Application Logs
  - Sandbox initialization failures
  - Unexpected evaluation errors
  - Abnormal termination of sandbox workers
- Network Telemetry
  - Outbound connections initiated by the Grist host
  - DNS queries not normally associated with Grist
- File System Monitoring
  - New executable files created by the Grist process
  - Writes to /tmp, /var/tmp, or user home directories
High-Confidence Behavioral Indicators
- Node.js process spawning shell interpreters
- Python evaluation triggering system calls
- Grist service launching network utilities
- Sudden outbound traffic immediately after spreadsheet evaluation
- Process trees of the form Grist → Node → Shell → Network tool
Example Detection Logic
Process Execution Correlation
IF parent_process == "node" OR parent_process == "grist"
AND child_process IN ("sh", "bash", "cmd.exe", "powershell", "curl", "wget")
THEN raise high-severity alert
Execution Context Validation
Alert if Grist service executes binaries outside its expected runtime dependencies
Document-Triggered Correlation
Correlate spreadsheet open/import events with new process creation within short time windows
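The three rules above can be run over parsed process telemetry as one detection. The Python below is an added example, not code from Grist or from the advisory. The event records are constructed and use a simplified layout (timestamp, pid, parent pid, image name) standing in for a parsed auditd execve record or Sysmon Event ID 1; the allowlist of expected binaries and the 30-second correlation window are assumptions to tune per deployment. It generalizes the first rule from a direct node/grist parent to any node/grist ancestor, so a shell that in turn launches curl is caught at both hops.

```python
"""Process-ancestry detection for the Grist -> Node -> shell -> network-tool pattern.

Added example; not code from Grist or from the original advisory. All event
records are constructed. Field names are a simplified stand-in for what a
parsed auditd execve record or Sysmon Event ID 1 provides.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Interpreters and network utilities the advisory lists as high-confidence
# indicators when launched under the Grist service.
SUSPICIOUS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell", "curl", "wget"}
# Assumed allowlist of images the Grist service is expected to run; tune per
# deployment (an illustration, not Grist's own dependency list).
EXPECTED_RUNTIME = {"node", "grist"}
# Assumed correlation window between a document event and process creation.
WINDOW = timedelta(seconds=30)


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime
    pid: int
    ppid: int
    exe: str  # image basename


@dataclass(frozen=True)
class DocEvent:
    ts: datetime
    doc_id: str
    action: str  # "import" or "open"


def ancestry(ev, by_pid):
    """Exe names from the oldest known ancestor down to ev itself."""
    chain, seen, cur = [ev.exe], {ev.pid}, ev
    while cur.ppid in by_pid and cur.ppid not in seen:
        cur = by_pid[cur.ppid]
        seen.add(cur.pid)
        chain.append(cur.exe)
    return list(reversed(chain))


def detect(proc_events, doc_events):
    """Apply the three rules from the advisory and return alert dicts."""
    by_pid = {e.pid: e for e in proc_events}
    alerts = []
    for ev in sorted(proc_events, key=lambda e: e.ts):
        chain = ancestry(ev, by_pid)
        # Scope: only processes somewhere under the Grist service tree.
        if not any(a in EXPECTED_RUNTIME for a in chain[:-1]):
            continue
        if ev.exe in SUSPICIOUS:
            # Rule 1 (process execution correlation), generalized to any ancestor.
            rule, severity = "shell or network tool under Grist", "high"
        elif ev.exe not in EXPECTED_RUNTIME:
            # Rule 2 (execution context validation) against the allowlist.
            rule, severity = "binary outside expected runtime", "medium"
        else:
            continue
        # Rule 3 (document-triggered correlation): a document event within WINDOW before exec.
        docs = [d.doc_id for d in doc_events if ev.ts - WINDOW <= d.ts <= ev.ts]
        if docs:
            severity = "critical"
        alerts.append({"pid": ev.pid, "exe": ev.exe, "chain": chain,
                       "rule": rule, "severity": severity, "docs": docs})
    return alerts


T0 = datetime(2026, 1, 15, 10, 0, 0)


def at(seconds):
    return T0 + timedelta(seconds=seconds)


# Constructed sample telemetry, not real logs.
SAMPLE_PROCS = [
    ProcEvent(at(0), 100, 1, "node"),      # Grist server process
    ProcEvent(at(1), 150, 100, "node"),    # worker: allowed
    ProcEvent(at(2), 300, 1, "sshd"),
    ProcEvent(at(3), 301, 300, "bash"),    # admin shell: not under Grist, ignored
    ProcEvent(at(6), 200, 100, "sh"),      # escape: node -> sh
    ProcEvent(at(7), 201, 200, "curl"),    # sh -> curl
]
SAMPLE_DOCS = [DocEvent(at(5), "doc-constructed-1", "import")]


def run_sample():
    return detect(SAMPLE_PROCS, SAMPLE_DOCS)


if __name__ == "__main__":
    for a in run_sample():
        print(a["severity"], a["rule"] + ":", " -> ".join(a["chain"]), a["docs"])
```

On the sample data the sh and curl executions are both reported, each with its full chain from node, and both are raised to critical because a document import landed one second before the first exec. The bash spawned under sshd is ignored even though bash is on the suspicious list, which is what keeps the rule from firing on routine administration.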
MITRE ATT&CK Mapping
- Initial Access: User-assisted execution of malicious content
- Execution: Command and Scripting Interpreter
- Privilege Escalation: Contextual (service-level permissions)
- Defense Evasion: Sandbox escape
- Persistence: Scheduled tasks or service modification
- Exfiltration: Network-based data transfer
Mitigation and Hardening Guidance
Until patched:
- Avoid running Grist with Pyodide sandbox mode
- Restrict spreadsheet uploads to trusted users
- Isolate Grist in hardened containers or VMs
- Enforce strict outbound network controls
- Apply mandatory access control policies (AppArmor, SELinux)
After patching:
- Re-evaluate sandbox configuration
- Review historical logs for signs of exploitation
- Rotate credentials accessible to the Grist service
Official Patch / Upgrade
🔗 Grist Security Advisory and Patch:
https://github.com/gristlabs/grist-core/security/advisories/GHSA-p88j-5gfp-9857
Upgrading to the fixed version removes the vulnerable sandbox configuration and replaces it with a safer execution model.
Final Takeaway
CVE-2026-24002 is a high-impact sandbox escape that fundamentally undermines trust in spreadsheet-based Python execution when misconfigured. The vulnerability demonstrates how insufficient isolation between scripting runtimes and host environments can collapse security boundaries entirely.
Organizations running Grist should treat this issue with the same urgency as a publicly exploitable RCE. Immediate patching, configuration review, and retrospective log analysis are strongly recommended.
