Which versions of Sandboxie-Plus are affected by CVE-2026-34462?

Sandboxie-Plus versions 1.17.2 and earlier contain a local privilege escalation vulnerability in the ProcessServer that allows authenticated local users to execute arbitrary code with SYSTEM…. A patch is available.

How to fix or mitigate CVE-2026-34462?

Within 24 hours: Inventory all systems running Sandboxie-Plus and identify installed versions via Add/Remove Programs or 'sbiectrl /about' command. Within 7 days: Upgrade all affected instances (versions 1.17.2 and earlier) to version 1.17.3 or later. Within 30 days: Conduct access reviews for Sandboxie-Plus installations to restrict usage to necessary personnel only and implement application whitelisting to control which processes can communicate with SbieSvc.

Sandboxie-Plus CVE-2026-34462

Q: What is the CVSS score of CVE-2026-34462?

CVE-2026-34462 has a CVSS 4.0 base score of 7.3 (High). CVSS vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-27462 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-05-05 GitHub_M

RCE Buffer Overflow Microsoft Stack Overflow

7.3

CVSS 4.0

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 05, 2026 - 21:02 EUVD

Analysis Generated

May 05, 2026 - 20:31 vuln.today

CVSS changed

May 05, 2026 - 20:22 NVD

7.3 (HIGH)

DescriptionNVD

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandler) copy a WCHAR boxname[34] field from request structures into WCHAR[40] stack buffers using wcscpy without verifying null termination. Because the service pipe accepts variable-length packets larger than the request structure, an attacker can fill the boxname field with non-zero data and append additional controlled wide characters after the structure. wcscpy then reads past the fixed field and overflows the destination stack buffer. The service pipe is created with a NULL DACL, allowing any local process to connect, and the unsafe copy occurs before authorization checks. This can lead to a crash of the SbieSvc service or potential code execution as SYSTEM. This issue has been fixed in version 1.17.3.

AnalysisAI

Stack-based buffer overflow in Sandboxie-Plus ProcessServer handlers allows local authenticated attackers to execute arbitrary code as SYSTEM or crash the SbieSvc service. The vulnerability affects versions 1.17.2 and earlier, stems from unsafe wcscpy operations on unchecked WCHAR fields from service pipe requests, and has been patched in version 1.17.3. …

RemediationAI

Within 24 hours: Inventory all systems running Sandboxie-Plus and identify installed versions via Add/Remove Programs or 'sbiectrl /about' command. Within 7 days: Upgrade all affected instances (versions 1.17.2 and earlier) to version 1.17.3 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory