PT-2018-14624 · Sandboxie · Sandboxie

Published: 2018-10-28 · Updated: 2025-08-04 · CVE-2018-18748

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sandboxie version 5.26

Description

The issue allows a sandbox escape via an import os statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. The vendor disputes this issue, stating that the observed behavior is consistent with the product's intended functionality.

Recommendations

For Sandboxie version 5.26, as a temporary workaround, consider restricting the use of the os.system() function within sandboxed environments to minimize the risk of exploitation. Additionally, avoid using the os module in sandboxed Python scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2018-18748

Affected Products

Sandboxie