Vulnerability Description
Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/heymrun/heym/commit/32b7e809d987d9b018ec8daa2cdaf48f627f26f1
- https://github.com/heymrun/heym/pull/94
- https://github.com/heymrun/heym/releases/tag/v0.0.21
- https://www.vulncheck.com/advisories/heym-sandbox-escape-via-python-introspectio
- https://github.com/heymrun/heym/pull/94
FAQ
What is CVE-2026-45227?
CVE-2026-45227 is a vulnerability with a CVSS score of 8.8 (HIGH). Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspect...
How severe is CVE-2026-45227?
CVE-2026-45227 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-45227?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.