CVE-2026-45227

HIGH 8.8

Heym < 0.0.21 Sandbox Escape via Python Introspection

CVSS Score

8.8

EPSS Score

0.0%

EPSS Percentile

0th

Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.

CWE	CWE-693
Vendor	heymrun
Product	heym
Published	May 12, 2026

Stay Ahead of the Next One

Get instant alerts for heymrun heym

Be the first to know when new high vulnerabilities affecting heymrun heym are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

heymrun / heym

0 < 0.0.21

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/heymrun/heym/releases/tag/v0.0.21 github.com: https://github.com/heymrun/heym/pull/94 github.com: https://github.com/heymrun/heym/commit/32b7e809d987d9b018ec8daa2cdaf48f627f26f1 vulncheck.com: https://www.vulncheck.com/advisories/heym-sandbox-escape-via-python-introspection

Credits

Chia Min Jun Lennon