Cyber Resilience

CVE-2026-32640

High · RCE · Updated

Published: 16 March 2026
Modified: 30 June 2026
KEV Added: not listed
Patch: available (fixed in 1.0.5)
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N)
EPSS Score: 0.0046 (36.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-32640 is a high-severity Code Injection (CWE-94) vulnerability in the danthedeckie simpleeval Python expression evaluator. Its CVSS v4 base score is 8.7 (High); the CVSS v3.1 vector cited in the deeper analysis scores 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks the CVE at the 36.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-32640 affects SimpleEval, a Python library designed for safely evaluating expressions inside applications. Prior to version 1.0.5, the library's sandboxing fails to prevent leakage of dangerous modules or objects into evaluated expressions. This happens in two ways: an object the host application passes to SimpleEval as a name exposes a disallowed module or attribute directly within the sandbox, or a dangerous function or module is smuggled in as a callback argument to an otherwise safe registered function, which then calls it. The issue is classified as CWE-94 (Improper Control of Generation of Code, "Code Injection") and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Remote attackers require no privileges or user interaction to exploit this vulnerability over a network with low complexity. By crafting expressions that reach the leaked objects or pass them as callbacks, they can bypass the sandbox restrictions and invoke prohibited modules or functions, potentially leading to arbitrary code execution, data exfiltration, or system compromise on the host running the vulnerable SimpleEval instance. The exposure is bounded by what the host application hands to the evaluator: exploitation presupposes that the application evaluates attacker-supplied expressions and that at least one object registered as a name exposes a module, class or dangerous callable through a public attribute, or that a registered function invokes a callable it receives as an argument.

The vulnerability is addressed in SimpleEval version 1.0.5, which patches the sandbox leakage issues. Official advisories, including the GitHub security advisory GHSA-44vg-5wv2-h2hg and a Debian LTS announcement, recommend upgrading to the fixed version in all affected deployments. Upgrading does not make it safe to expose arbitrary application objects as names: the names and functions dicts remain the attack surface of the evaluator and should contain only what expressions genuinely need.

Vulnerability details

SimpleEval is a library for adding evaluatable expressions into Python projects. Prior to 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. The latest version 1.0.5 has this issue fixed. This vulnerability is fixed in 1.0.5.

CWE(s)

CWE-94 Improper Control of Generation of Code ("Code Injection")
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes

Related Threats

MITRE ATT&CK Enterprise Techniques (AI mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

A remote, unauthenticated sandbox escape in a Python expression library maps to exploitation of Internet-facing applications that evaluate attacker-supplied expressions (T1190), and the resulting execution runs inside the host's Python interpreter (T1059.006).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-53890 (shared CWE-94)
CVE-2026-39891 (shared CWE-94)
CVE-2024-57609 (shared CWE-94)
CVE-2026-7466 (shared CWE-94)
CVE-2026-31231 (shared CWE-94)
CVE-2026-25481 (shared CWE-94)
CVE-2026-25153 (shared CWE-94)
CVE-2023-54345 (shared CWE-94)
CVE-2026-31225 (shared CWE-94)
CVE-2026-31220 (shared CWE-94)

Affected Assets

danthedeckie
simpleeval
< 1.0.5 (fixed in 1.0.5)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI mapping)

SI-2 Flaw Remediation · prevent

Directly mitigates the CVE by requiring timely remediation of the sandbox leakage flaw: upgrade SimpleEval to the patched version 1.0.5.

prevent

Addresses improper control of dynamically-determined object attributes (CWE-915) by validating the inputs to the expression evaluator, both the expression string and the objects registered as names and functions, reducing the risk of smuggling dangerous callbacks or objects into the sandbox.

CM-7 Least Functionality · prevent

Enforces least functionality by restricting the SimpleEval sandbox to only approved objects and functions, so that no module, class or dangerous callable is reachable from an expression through attribute access.
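The following is an added example, not code from the advisory or the simpleeval project. It demonstrates the two things the deeper analysis and the CM-7 control describe: finding which of the objects an application registers as SimpleEval names expose a module, class or callable (the material that leaks into the sandbox or gets smuggled in as a callback), and fencing those objects behind a read-only facade before they reach the evaluator. It runs on the standard library alone and never evaluates an expression. AppConfig, ReadOnlyFacade, audit_names, attr_blocked and the sample data are constructed for illustration; BLOCKED_PREFIXES and BLOCKED_ATTRS are assumed to mirror simpleeval's default attribute disallow lists, so anything that survives them is treated as reachable from an expression.

```python
"""Audit and fence the objects an application hands to SimpleEval as names.

Added example, not part of the advisory or of simpleeval. Standard library only.
"""
import os
import types

# Assumed to mirror simpleeval's default attribute filters: names starting
# with these prefixes, and these method names, are refused by the evaluator.
# Every other public attribute of a name object is reachable as `name.attr`.
BLOCKED_PREFIXES = ("_", "func_")
BLOCKED_ATTRS = {"format", "format_map", "mro"}

PRIMITIVES = (str, bytes, int, float, complex, bool, type(None))


def _reachable_attrs(obj):
    """Yield (attr, value) pairs an expression could reach via `name.attr`."""
    for attr in dir(obj):
        if attr.startswith(BLOCKED_PREFIXES) or attr in BLOCKED_ATTRS:
            continue
        try:
            yield attr, getattr(obj, attr)
        except Exception:  # an attribute that raises is not reachable either
            continue


def audit_names(names, max_depth=3):
    """Breadth-first walk of every name object. Returns (path, kind) for each
    value that is a module, a class or a callable: the objects the advisory
    describes leaking into the sandbox (cfg.os.system(...)) or being passed
    as a callback to a safe function (safe_fn(cfg.run)). Bound methods are
    reported too: a name should carry data, not code. Dict values and list
    items are walked because compound-type evaluators allow subscripts."""
    findings = []
    seen = set()
    queue = [(path, obj, 0) for path, obj in names.items()]
    while queue:
        path, obj, depth = queue.pop(0)
        if isinstance(obj, types.ModuleType):
            findings.append((path, "module"))
        elif isinstance(obj, type):          # checked before callable(): classes are callable
            findings.append((path, "class"))
        elif callable(obj):
            findings.append((path, "callable"))
        elif isinstance(obj, PRIMITIVES) or id(obj) in seen or depth >= max_depth:
            continue
        else:
            seen.add(id(obj))
            if isinstance(obj, dict):
                queue.extend((f"{path}[{k!r}]", v, depth + 1) for k, v in obj.items())
            elif isinstance(obj, (list, tuple)):
                queue.extend((f"{path}[{i}]", v, depth + 1) for i, v in enumerate(obj))
            else:
                queue.extend((f"{path}.{a}", v, depth + 1) for a, v in _reachable_attrs(obj))
    return findings


class ReadOnlyFacade:
    """Least-functionality wrapper: expose only the listed attributes of the
    wrapped object, and only when they are plain data. Register the facade,
    never the raw application object, as the SimpleEval name."""

    __slots__ = ("_obj", "_allowed")

    def __init__(self, obj, allowed):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_allowed", frozenset(allowed))

    def __getattr__(self, attr):
        # Only reached when normal lookup fails, i.e. for every public name.
        if attr not in self._allowed:
            raise AttributeError(f"{attr!r} is not exposed to expressions")
        value = getattr(self._obj, attr)
        if isinstance(value, (types.ModuleType, type)) or callable(value):
            raise AttributeError(f"{attr!r} is code, not data")
        return value

    def __setattr__(self, attr, value):
        raise AttributeError("facade is read-only")

    def __dir__(self):
        return sorted(self._allowed)


class AppConfig:
    """Constructed stand-in for an application object passed straight through
    as a name. Three of its public attributes are code, not data."""

    def __init__(self):
        self.tenant = "acme"
        self.max_items = 50
        self.os = os              # cfg.os.system("...") from an expression
        self.run = os.system      # cfg.run("...") or safe_fn(cfg.run)
        self.loader = AppConfig   # cfg.loader() instantiates the class


def attr_blocked(obj, attr):
    """True if `obj.attr` raises AttributeError, i.e. the facade withheld it."""
    try:
        getattr(obj, attr)
    except AttributeError:
        return True
    return False


def demo():
    """Audit the raw object, then the same object behind a facade that even
    allowlists `os` (the facade still refuses it because it is a module)."""
    raw = {"cfg": AppConfig()}
    fenced = {"cfg": ReadOnlyFacade(AppConfig(), allowed=("tenant", "max_items", "os"))}
    return audit_names(raw), audit_names(fenced)


if __name__ == "__main__":
    leaks, after = demo()
    for path, kind in leaks:
        print(f"LEAK  {path}: {kind}")
    print("after facade:", after or "only plain data reachable")
```

Run audit_names in CI or at start-up over the exact dict you pass as names (and over the return values of anything registered in functions), treat every finding as a blocker, and register the facade instead of the raw object. The facade is the control that does not depend on the library version: it keeps the expression's reach limited to plain data on 1.0.5 exactly as on earlier releases.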

References

GHSA-44vg-5wv2-h2hg (GitHub Security Advisory): https://github.com/advisories/GHSA-44vg-5wv2-h2hg
Debian LTS security announcement for simpleeval