Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by SbieSvc but stages files in the user-writable %TEMP%\sandboxie-updater directory. After UpdUtil verifies file hashes against the signed addon manifest, install.bat extracts files.cab and executes config.exe from its contents. Between hash verification and extraction, an unprivileged user can replace files.cab with a crafted cabinet containing a malicious executable, which is then run as SYSTEM. No UAC prompt is required.
This issue has been fixed in version 1.17.3.
AnalysisAI
Sandboxie-Plus versions 1.17.2 and earlier are vulnerable to privilege escalation via a Time-of-Check-to-Time-of-Use (TOCTOU) race condition during addon installation. When a user initiates addon installation through the SandMan interface, the UpdUtil.exe process runs as SYSTEM and stages files in the user-writable %TEMP%\sandboxie-updater directory. An unprivileged local attacker can exploit the window between hash verification and file extraction to replace the addon cabinet file with a malicious executable, resulting in arbitrary code execution as SYSTEM without UAC prompts. Patch version 1.17.3 addresses this flaw; no active exploitation has been publicly confirmed, though the attack is trivially reproducible given local access and user interaction.
Technical ContextAI
Sandboxie-Plus is Windows sandbox isolation software that prevents malware from accessing the host system. The vulnerability exploits a race condition (CWE-367) in the addon installation workflow. When a user installs an addon, SbieSvc spawns UpdUtil.exe with SYSTEM privileges and stages addon files in a user-writable temporary directory (%TEMP%\sandboxie-updater). The installation process performs two distinct operations: first, UpdUtil verifies file integrity by hashing the addon cabinet against a signed manifest; second, install.bat extracts files.cab and executes the embedded config.exe. Because the temporary directory is world-writable and the file descriptor is not locked between verification and extraction, an unprivileged user with local access can atomically replace files.cab with a crafted cabinet containing arbitrary executables. When install.bat extracts and executes the malicious payload, it inherits SYSTEM privileges from the parent UpdUtil.exe process, bypassing UAC entirely. This design flaw violates the principle of secure temporary file handling.
RemediationAI
Sandboxie-Plus users must upgrade to version 1.17.3 or later, which addresses the TOCTOU race condition by securing the temporary directory and preventing file replacement between hash verification and extraction. Users on version 1.17.2 or earlier should apply the patch immediately via the application's update mechanism or by downloading the latest release from https://github.com/sandboxie-plus/Sandboxie/releases. Until patching is complete, users can implement the following compensating controls with notable trade-offs: disable addon installation functionality entirely (prevents future feature adoption but eliminates the attack surface entirely), restrict file system access to the %TEMP%\sandboxie-updater directory to the SYSTEM account only (requires elevated privileges to implement and may break user-initiated installations on multi-user systems), or institute a policy prohibiting users from installing addons from untrusted sources and educating users to only use official Sandboxie repository addons (relies on user adherence and does not prevent local privilege escalation if a trusted addon is installed). The patch is the only complete mitigation.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27468