CVE-2026-34156
Published: 31 March 2026
Summary
CVE-2026-34156 is a critical-severity Improper Control of Dynamically-Managed Code Resources (CWE-913) vulnerability in NocoBase (vendor Nocobase). Its CVSS base score is 9.9 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is classified as AI-related (AI category: Other Platforms; risk domain: Supply Chain and Deployment).
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-39 (Process Isolation).
Deeper analysis
NocoBase is an AI-powered no-code/low-code platform for building business applications. Prior to version 2.0.28, its Workflow Script Node feature executes user-supplied JavaScript inside a Node.js vm sandbox that restricts module loading via a custom allowlist governed by the WORKFLOW_SCRIPT_MODULES environment variable. The sandbox context nevertheless injects the host-realm console object, which exposes WritableWorkerStdio streams through the non-enumerable properties console._stdout and console._stderr, enabling prototype-chain traversal that breaks out of the vm isolation.
An authenticated attacker with access to the Workflow Script Node can leverage this escape to obtain arbitrary code execution on the host as root. The vulnerability carries a CVSS 3.1 score of 9.9 and is tracked under CWE-913.
The official NocoBase security advisory GHSA-px3p-vgh9-m57c, the corresponding pull request, and the v2.0.28 release notes all state that the issue is resolved by upgrading to version 2.0.28, which removes the host-realm stream references from the sandbox context.
EPSS for the CVE currently stands at 0.3241 with a recorded peak of 0.3347; no public evidence of in-the-wild exploitation has been reported.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-17414
Vulnerability details
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist (controlled by WORKFLOW_SCRIPT_MODULES env var). However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console._stdout and console._stderr. An authenticated attacker can traverse the prototype chain to escape the sandbox and achieve Remote Code Execution as root. This issue has been patched in version 2.0.28.
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw enables exploitation of a public-facing no-code platform (T1190): an authenticated user injects malicious JavaScript through the Workflow Script Node (T1059.007), escapes the vm sandbox, and escalates to root-level remote code execution (T1068).
Mitigating Controls (NIST 800-53 r5)
- SC-39 (Process Isolation): directly enforces process isolation between the Node.js vm sandbox and the host realm, blocking the prototype-chain escape via console._stdout and console._stderr.
- AC-3 (Access Enforcement): enforces an access-control policy on the objects passed into the sandbox context, preventing an authenticated user from reaching the host WritableWorkerStdio streams.
- Least-privilege execution: limits the privileges of the Workflow Script Node process so that even a successful sandbox escape yields non-root execution rather than root RCE.