A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution.
The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs.
“One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” security researcher Vladimir Tokarev, who discovered the flaw, said. “This sandbox escape lets a formula author execute OS commands or run host‑runtime JavaScript, collapsing the boundary between ‘cell logic’ and host execution.”
Cellbreak is categorized as a case of Pyodide sandbox escape, the same kind of vulnerability that also recently impacted n8n (CVE-2025-68668, CVSS score: 9.9, aka N8scape). The vulnerability has been addressed in version 1.7.9, released on January 9, 2026.
“A security review identified a vulnerability in the ‘pyodide’ sandboxing method that is available in Grist,” the project maintainers said. “You can check if you are affected in the sandboxing section of the Admin Panel of your instance. If you see ‘gvisor’ there, then you are not affected. If you see ‘pyodide,’ then it is important to update to this version of Grist or later.”
In a nutshell, the problem is rooted in Grist’s Python formula execution, which allows untrusted formulas to be run inside Pyodide, a Python distribution that enables regular Python code to be executed directly in a web browser within the confines of a WebAssembly (WASM) sandbox.
While the idea behind this thought process is to ensure that Python formula code is run in an isolated environment, the fact that Grist uses a blocklist-style approach makes it possible to escape the sandbox and ultimately achieve command execution on the underlying host.
“The sandbox’s design allows traversal through Python’s class hierarchy and leaves ctypes available, which together open access to Emscripten runtime functions that should never be reachable from a formula cell,” Tokarev explained. “That combination enables host command execution and JavaScript execution in the host runtime, with practical outcomes like filesystem access and secret exposure.”
According to Grist, when a user has set GRIST_SANDBOX_FLAVOR to Pyodide and opens a malicious document, that document could be used to run arbitrary processes on the server hosting Grist. Armed with this capability to execute commands or JavaScript via a formula, an attacker can leverage this behavior to access database credentials and API keys, read sensitive files, and present lateral movement opportunities.
Grist has addressed the problem by moving Pyodide formula execution under the Deno JavaScript runtime by default. However, it’s worth noting that the risk rears its head once again if an operator explicitly chooses to set GRIST_PYODIDE_SKIP_DENO to the value “1.” The setting should be avoided in scenarios where untrusted or semi‑trusted formulas are likely to be run.
Users are recommended to update to the latest version as soon as possible to mitigate potential risks. To temporarily mitigate the issue, it’s advised to set the GRIST_SANDBOX_FLAVOR environment variable to “gvisor.”
“This mirrors the systemic risk found in other automation platforms: a single execution surface with privileged access can collapse organizational trust boundaries when its sandbox fails,” Tokarev said.
“When formula execution relies on a permissive sandbox, a single escape can turn ‘data logic’ into ‘host execution.’ The Grist-Core findings show why sandboxing needs to be capability-based and defense-in-depth, not a fragile blocklist. The cost of failure is not just a bug — it is a data-plane breach.”
