EXECUTIVE SUMMARY:
Sandboxie-Plus is affected by sandbox escape vulnerabilities that allow an attacker to break out of the isolated environment and achieve full SYSTEM-level control over the host machine. The main flaw arises from a problem in the SbieSvc proxy service, where an uninitialized memory leak exposes sensitive stack data such as return addresses and stack cookies, which can be used to bypass protections like ASLR and stack guards. This is combined with a stack buffer overflow caused by unsafe memory handling, which allows crafted input to overwrite execution flow and trigger a Return-Oriented Programming (ROP) chain. When exploited together, these weaknesses enable a complete sandbox escape and privilege escalation, even in hardened system configurations.

CVE-2026-34459 (CVSS score 8.8): Caused by unsafe IPC handling in the Sandboxie-Plus SbieSvc service, which leaks up to 32KB of uninitialized stack memory. The leaked data can be chained with a stack buffer overflow triggered by an unchecked memcpy operation using attacker-controlled input. Exploitation allows bypassing ASLR and /GS protections, leading to sandbox escape and SYSTEM-level privilege escalation through ROP.

CVE-2026-34458 (CVSS score 8.8): An INI injection vulnerability in Sandboxie-Plus in which improper IPC handling allows arbitrary configuration directives to be injected into the Sandboxie.ini file. Improper CRLF sanitization in setting names and values enables attackers to bypass restrictions like EditAdminOnly and ConfigPassword and modify configuration entries. It can lead to the creation of malicious sandbox sections with elevated permissions, resulting in sandbox escape and SYSTEM-level privilege escalation.
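For the CRLF sanitization gap described under CVE-2026-34458, the following added example (not Sandboxie-Plus code; the function names are hypothetical and narrow `char` strings are assumed) shows a writer that rejects CR/LF and other control characters in setting names and values before formatting a single INI line:

```c
#include <stdio.h>
#include <string.h>

/* Added example: hypothetical helper names, not Sandboxie-Plus code. */
/* Returns 1 if s can sit on one INI line: no control bytes (CR, LF, ...),
   and for names: non-empty, with no '=', '[' or ']'. */
static int ini_text_ok(const char *s, int is_name)
{
    if (s == NULL || (is_name && *s == '\0'))
        return 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; ++p) {
        if (*p < 0x20 || *p == 0x7f)      /* CR, LF and other control bytes */
            return 0;
        if (is_name && (*p == '=' || *p == '[' || *p == ']'))
            return 0;                     /* would change the line structure */
    }
    return 1;
}

/* Formats "name=value\r\n" into out only if both parts pass validation.
   Returns bytes written, or -1 if the input is rejected or does not fit. */
int ini_format_setting(char *out, size_t cap, const char *name, const char *value)
{
    if (!ini_text_ok(name, 1) || !ini_text_ok(value, 0))
        return -1;
    int n = snprintf(out, cap, "%s=%s\r\n", name, value);
    if (n < 0 || (size_t)n >= cap)
        return -1;                        /* refuse truncated output */
    return n;
}

/* Counts lines in a formatted buffer; one setting must yield one line. */
int ini_count_lines(const char *buf)
{
    int lines = 0;
    for (; *buf; ++buf)
        if (*buf == '\n')
            ++lines;
    return lines;
}

int main(void)
{
    char buf[128];
    /* Constructed inputs: a benign value and one carrying an embedded CRLF. */
    printf("benign: %d\n", ini_format_setting(buf, sizeof buf, "Enabled", "y"));
    printf("crlf:   %d\n", ini_format_setting(buf, sizeof buf, "Enabled", "y\r\n[Other]"));
    return 0;
}
```

The check is applied to both the name and the value, since the summary names both as injection points.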
RECOMMENDATION:
We strongly recommend that you update Sandboxie-Plus to the version below: https://github.com/sandboxie-plus/Sandboxie/releases
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/sandboxie-critical-escape-vulnerabilities-cve-2026-34459-system-privilege/