CVE-2026-32640 Overview
CVE-2026-32640 is a Code Injection vulnerability in SimpleEval, a Python library for adding evaluatable expressions into python projects. Prior to version 1.0.5, objects (including modules) can leak dangerous modules through to direct access inside the sandbox. If the objects passed in as names to SimpleEval have modules or other disallowed/dangerous objects available as attributes, attackers can exploit this to escape the sandbox. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call.
Critical Impact
This vulnerability allows attackers to escape the SimpleEval sandbox and potentially execute arbitrary code by accessing dangerous modules through object attributes or callback functions, compromising the security isolation that SimpleEval is designed to provide.
Affected Products
- danthedeckie simpleeval versions prior to 1.0.5
- Python applications using SimpleEval for expression evaluation
- Systems relying on SimpleEval's sandbox for untrusted input evaluation
Discovery Timeline
- 2026-03-16 - CVE CVE-2026-32640 published to NVD
- 2026-03-18 - Last updated in NVD database
Technical Details for CVE-2026-32640
Vulnerability Analysis
This vulnerability represents a critical sandbox escape issue in SimpleEval, classified as CWE-94 (Improper Control of Generation of Code). The library is designed to provide a safe environment for evaluating Python expressions without exposing dangerous functionality. However, the implementation failed to properly restrict access to dangerous modules and functions that could be reached through object attributes or callback mechanisms.
The fundamental issue lies in how SimpleEval handles objects passed into the evaluation context. When developers pass objects as named variables into the SimpleEval environment, the library did not adequately prevent access to potentially dangerous attributes of those objects. Python's introspective capabilities allow objects to reference their parent modules, base classes, and other connected objects through attributes like __class__, __module__, and similar magic attributes.
Root Cause
The root cause stems from insufficient attribute access controls within the SimpleEval sandbox. When user-provided objects are introduced into the evaluation namespace, their full attribute hierarchy becomes potentially accessible. Python's object model allows traversing from any object to its class, and from classes to their modules and subclasses. This creates a pathway from seemingly innocuous objects to dangerous built-in functions like os.system, subprocess.Popen, or eval.
A secondary attack vector exists through callback functions. Even when direct attribute access is restricted, an attacker could pass dangerous functions as arguments to permitted functions that accept callbacks. This allows execution of arbitrary code by leveraging the trust placed in "safe" functions that internally invoke user-supplied callable arguments.
Attack Vector
The attack occurs over the network where SimpleEval is used to evaluate expressions from untrusted sources. An attacker can craft malicious expressions that navigate through object attributes to reach dangerous modules, or supply malicious callbacks to permitted functions.
For example, an attacker might exploit an object passed to SimpleEval by traversing its __class__.__mro__ (Method Resolution Order) to reach base classes, then accessing __subclasses__() to find classes with dangerous capabilities. From there, they can instantiate objects or call methods that provide access to system commands or file operations.
The callback attack vector works by identifying functions in the allowed namespace that accept callable arguments. By providing a dangerous function as the callback, the attacker can achieve code execution when the safe function invokes the malicious callback.
Detection Methods for CVE-2026-32640
Indicators of Compromise
- Unusual expressions containing attribute chains like __class__, __mro__, __subclasses__, or __globals__
- Expressions attempting to access module-level attributes or system functions
- Callback parameters containing references to built-in dangerous functions
- Application logs showing unexpected module imports or system calls originating from expression evaluation
Detection Strategies
- Monitor SimpleEval expression logs for suspicious attribute access patterns containing Python magic methods
- Implement application-level logging to track all expressions evaluated by SimpleEval
- Use static analysis tools to identify dangerous objects being passed to SimpleEval namespaces
- Deploy runtime monitoring for unexpected system calls or file operations from Python processes using SimpleEval
Monitoring Recommendations
- Enable verbose logging for all SimpleEval evaluation operations
- Monitor for process spawning or network connections from SimpleEval-using applications
- Implement anomaly detection for expression complexity and attribute depth
- Review application dependencies to identify all SimpleEval usage points
How to Mitigate CVE-2026-32640
Immediate Actions Required
- Upgrade SimpleEval to version 1.0.5 or later immediately
- Audit all objects passed to SimpleEval namespaces for dangerous attribute exposure
- Implement additional input validation for expressions before evaluation
- Review and restrict callback usage in SimpleEval contexts
- Consider temporarily disabling expression evaluation features if immediate patching is not possible
Patch Information
The vulnerability is fixed in SimpleEval version 1.0.5. Users should update their installations using pip:
pip install --upgrade simpleeval>=1.0.5
For detailed information about the security fix, refer to the GitHub Security Advisory.
Workarounds
- Restrict the objects passed to SimpleEval to primitive types and simple data structures only
- Implement a whitelist of allowed attribute names before expressions are evaluated
- Wrap objects passed to SimpleEval in proxy classes that block access to dangerous attributes
- Avoid passing any objects with __module__ or __class__ attributes into the evaluation namespace
- Run SimpleEval evaluations in a separate process with restricted permissions
# Configuration example
# Upgrade SimpleEval to patched version
pip install simpleeval==1.0.5
# Verify installed version
pip show simpleeval | grep Version
# For requirements.txt, pin to secure version
echo "simpleeval>=1.0.5" >> requirements.txt
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
