Which versions of Sandboxie-Plus are affected by CVE-2026-34461?

Sandboxie-Plus versions 1.17.2 and earlier contain a local privilege escalation vulnerability allowing low-privileged users to gain SYSTEM-level access through a stack buffer overflow in the SbieSvc…. A patch is available.

Sandboxie-Plus CVE-2026-34461

Q: What is the CVSS score of CVE-2026-34461?

CVE-2026-34461 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-27461 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-05 GitHub_M

RCE Buffer Overflow Microsoft Stack Overflow

7.3

CVSS 4.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 05, 2026 - 21:02 EUVD

Analysis Generated

May 05, 2026 - 20:30 vuln.today

CVSS changed

May 05, 2026 - 20:22 NVD

7.3 (HIGH)

DescriptionNVD

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_INI_RUN_SBIE_CTRL message is handled before normal sandbox and impersonation checks, and for non-sandboxed callers, the handler copies the trailing message payload into a fixed-size WCHAR ctrlCmd[128] stack buffer using memcpy without verifying the length fits within the buffer. The service pipe is created with a NULL DACL, allowing any local interactive process to connect and send an oversized payload to overflow the stack. This can lead to a crash of the SbieSvc service or potential code execution as SYSTEM. This issue has been fixed in version 1.17.3.

AnalysisAI

Local privilege escalation to SYSTEM in Sandboxie-Plus 1.17.2 and earlier allows low-privileged interactive users to trigger stack buffer overflow in SbieSvc service via unauthenticated IPC, bypassing sandbox isolation controls. The vulnerability exists in the RunSbieCtrl handler which processes crafted messages before security checks and copies unbounded input into a 128-character stack buffer. …

RemediationAI

Within 24 hours: Identify all systems running Sandboxie-Plus 1.17.2 or earlier via asset inventory or endpoint detection tools; immediately restrict interactive login access to low-privileged accounts on affected systems if feasible. Within 7 days: Upgrade all affected Sandboxie-Plus installations to version 1.17.3 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory