Critical Sandbox Escape Vulnerability in NocoBase Workflow Engine Allows Root RCE
Key Takeaways
- The vulnerability allows authenticated users to escape the sandbox and execute arbitrary commands as root through prototype chain traversal on the injected console object
- NocoBase's require allowlist and disabled global variables were ineffective because the injected console object itself provided an unintended escape vector
- The attack requires only three lines of code and grants complete access to the container environment, including sensitive environment variables and database credentials
Summary
A critical sandbox escape vulnerability (CVE-2026-34156, CVSS 10.0) has been discovered in NocoBase's Workflow JavaScript node, allowing authenticated attackers to achieve remote code execution as root. The vulnerability exploits the prototype chain of the injected console object to reach the host-realm Function constructor, bypassing the module allowlist that was intended to be the security boundary. An attacker with workflow creation or modification permissions can execute arbitrary Node.js commands within three lines of code, gaining access to the entire container environment including database credentials and filesystem.
NocoBase, an open-source no-code/low-code platform with over 22,000 GitHub stars, uses Node.js's vm module to sandbox custom JavaScript execution in its workflow engine. However, the vm module's documentation explicitly warns against using it as a security sandbox. The root cause stems from the injection of the standard Node.js console object—a host-realm object—into the sandboxed context. By traversing console._stdout.constructor.constructor, attackers can reach the host Function constructor and bypass all sandbox restrictions. The vulnerability has been patched in version 2.0.28 (released March 27, 2026), and full details were disclosed by researcher 2013xile on March 28, 2026.
- The vm module's inherent limitations made it unsuitable for this security-critical use case; no object from the host realm should have been passed into the sandbox context
- Users running NocoBase must upgrade to version 2.0.28 or later, and should audit workflow permissions for potentially compromised accounts
Editorial Opinion
This vulnerability highlights a fundamental principle in sandbox design: the vm module should never be relied upon as a security boundary, especially when host-realm objects are passed into sandboxed contexts. NocoBase's implementation made a critical architectural mistake by injecting the standard console object rather than a custom, restricted alternative. The ease of exploitation—achievable in just three lines of code by any authenticated workflow creator—demonstrates that security cannot be achieved through allowlists alone when the sandbox itself has fundamental leaks.