
A critical security flaw has been disclosed in Grist-Core, the open source, self-hosted version of the Grist relational spreadsheet database, that could allow remote code execution.
This vulnerability is tracked as CVE-2026-24002 (CVSS score: 9.1) and codenamed “Cellbreak” by Cyera Research Labs.
“A malicious formula could turn a spreadsheet into a remote code execution (RCE) beachhead,” said security researcher Vladimir Tokarev, who discovered the flaw. “This sandbox escape allows formula authors to execute OS commands or execute host runtime JavaScript, collapsing the boundaries between ‘cell logic’ and host execution.”

Cellbreak is classified as a Pyodide sandbox escape, the same class of vulnerability that recently affected n8n (CVE-2025-68668, CVSS score: 9.9, aka N8scape). The flaw was resolved in Grist-Core version 1.7.9, released on January 9, 2026.
“A security review identified a vulnerability in the ‘pyodide’ sandboxing method available in Grist,” project administrators said. “You can check to see if you’re affected in the sandbox section of your instance’s admin panel. If you see ‘gvisor’ there, you’re not affected. If you see ‘pyodide’, it is important to update to this version of Grist or later.”
In a nutshell, the root cause lies in how Grist evaluates Python formula expressions: untrusted expressions are executed within Pyodide, a Python distribution that runs regular Python code in the web browser inside a WebAssembly (WASM) sandbox.

The intent is that formula code runs in an isolated environment, but because Grist relies on a blocklist-style approach to restrict what a formula can reach, it is possible to escape the sandbox and ultimately execute commands on the underlying host.
“The sandbox design allows traversal of Python’s class hierarchy and makes ctypes available. This provides access to Emscripten runtime functions that are not accessible from formula cells,” Tokarev explained. “This combination allows host command execution and JavaScript execution in the host runtime, with practical consequences such as file system access and security disclosure.”
According to Grist, if a user opens a malicious document on an instance with GRIST_SANDBOX_FLAVOR set to ‘pyodide’, that document can be used to run arbitrary processes on the server hosting Grist. An attacker able to execute commands or JavaScript via a formula expression could use this to access database credentials and API keys, read sensitive files, and move laterally within the environment.

Grist addressed this issue by moving execution of Pyodide expressions under the Deno JavaScript runtime by default. Note, however, that the risk resurfaces if the operator explicitly sets GRIST_PYODIDE_SKIP_DENO to the value ‘1’. This setting should be avoided wherever untrusted or semi-trusted expressions may be executed.
To reduce exposure, users are encouraged to update to the latest version as soon as possible. As a temporary mitigation, setting the GRIST_SANDBOX_FLAVOR environment variable to ‘gvisor’ is recommended.
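The exposure conditions above (sandbox flavor, fixed version 1.7.9, and the GRIST_PYODIDE_SKIP_DENO override) can be checked mechanically. The following is an added example written for this article, not code from the Grist project; it assumes plain MAJOR.MINOR.PATCH version strings and takes the three values as arguments, which an operator would read from the admin panel's sandbox section or the container environment.

```sh
#!/bin/sh
# Added example (not Grist's own code): classify a Grist-Core deployment's
# exposure to CVE-2026-24002 from the facts the advisory turns on.
# Assumption: version strings are numeric MAJOR.MINOR.PATCH (missing parts = 0).

# vnum MAJOR.MINOR.PATCH -> single comparable integer; fails on non-numeric input
vnum() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    IFS=. read -r major minor patch <<EOF
$1
EOF
    echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

# grist_cellbreak_exposure VERSION FLAVOR SKIP_DENO
# Prints: not-affected | out-of-scope | unknown-version | vulnerable
#         | deno-bypassed | mitigated-by-deno
grist_cellbreak_exposure() {
    version=$1; flavor=$2; skip_deno=$3
    case "$flavor" in
        gvisor)  echo "not-affected"; return 0 ;;   # per the project: gvisor is not affected
        pyodide) ;;                                 # the flavor the advisory covers
        *)       echo "out-of-scope"; return 0 ;;   # other flavors are not assessed here
    esac
    vn=$(vnum "$version") || { echo "unknown-version"; return 0; }
    # Versions before 1.7.9 run Pyodide expressions without the Deno boundary
    if [ "$vn" -lt "$(vnum 1.7.9)" ]; then
        echo "vulnerable"; return 0
    fi
    # Fixed version, but the operator opted out of the Deno runtime
    if [ "$skip_deno" = "1" ]; then
        echo "deno-bypassed"; return 0
    fi
    echo "mitigated-by-deno"
}

# Constructed example values (not from a real instance)
grist_cellbreak_exposure 1.7.8 pyodide ""
```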
“This reflects a systemic risk seen in other automation platforms: a single execution surface with privileged access can disrupt an organization’s trust boundaries in the event of a sandbox failure,” Tokarev said.
“If formula execution relies on a permissive sandbox, a single escape can turn ‘data logic’ into ‘host execution.’ Grist-Core’s findings demonstrate why sandboxing needs to be feature-based and defense-in-depth, rather than a brittle blocklist. The cost of failure is not just a bug, but a data plane compromise.”
