GHSA-48QW-824M-86PR: Privilege Escalation and Sandbox Escape in ArcadeDB Server
Vulnerability ID: GHSA-48QW-824M-86PR
CVSS Score: 7.7
Published: 2026-07-16
A high-severity privilege escalation and sandbox escape vulnerability exists in ArcadeDB Server prior to version 26.7.1. This flaw permits an authenticated user with read-only privileges to execute arbitrary JVM code in a sandboxed JavaScript context via the API command endpoint. By utilizing reflection on bound Java objects, an attacker can bypass the GraalVM guest environment's whitelist, access the Java ClassLoader, and perform arbitrary file reads on the host filesystem.
TL;DR
ArcadeDB Server before 26.7.1 allows authenticated users with read-only privileges to escape the GraalVM scripting sandbox using reflection on bound Java objects, resulting in arbitrary host filesystem read access.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-269 / CWE-863
- Attack Vector: Network
- CVSS: 7.7
- EPSS: Not Tracked
- Impact: Arbitrary Host File Read / Sandbox Escape
- Exploit Status: Proof-of-Concept
- KEV Status: Not Listed
Affected Systems
- ArcadeDB Server
-
ArcadeDB Server: < 26.7.1 (Fixed in:
26.7.1)
Code Analysis
Commit: 8ca396c
Gate polyglot script execution behind UPDATE_SECURITY permission and deny reflection access in GraalVM host access policy.
diff --git a/engine/src/main/java/com/arcadedb/query/polyglot/GraalPolyglotEngine.java b/engine/src/main/java/com/arcadedb/query/polyglot/GraalPolyglotEngine.java
index bf68b79760..2f2d079483 100644
--- a/engine/src/main/java/com/arcadedb/query/polyglot/GraalPolyglotEngine.java
+++ b/engine/src/main/java/com/arcadedb/query/polyglot/GraalPolyglotEngine.java
Exploit Details
- GitHub: Proof of concept exploit and advisory detail showcasing ClassLoader extraction and file read.
Mitigation Strategies
- Upgrade ArcadeDB Server to version 26.7.1 or later.
- Restrict access to the HTTP API (port 2480) via firewalls/network access control lists.
- Limit database user accounts and enforce the principle of least privilege.
Remediation Steps:
- Identify all active instances of ArcadeDB Server in the environment.
- Verify running versions to check if they are below 26.7.1.
- Back up database files and configurations.
- Apply the update to version 26.7.1.
- Verify that the /api/v1/command endpoint is restricted to authorized administrative users by testing with a read-only account.
References
Read the full report for GHSA-48QW-824M-86PR on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)