CVE-2026-45313 Overview
CVE-2026-45313 is a sandbox escape vulnerability in Sandboxie-Plus, an open source sandbox-based isolation product for Windows. The flaw exists in the GuiServer::WndHookRegisterSlave function within Sandboxie/core/svc/GuiServer.cpp. Sandboxie-Plus stores attacker-supplied hthread and hproc fields from a GUI_WND_HOOK_REGISTER request without validating that the thread belongs to the sandboxed process or that the function pointer resides in the caller address space. A sandboxed process can abuse this to execute arbitrary code inside an unsandboxed host process running as SYSTEM. The maintainers fixed the issue in version 1.17.6.
Critical Impact
A sandboxed process can escape isolation and execute arbitrary code as SYSTEM in an unsandboxed host process, breaking the primary security boundary the product provides.
Affected Products
- Sandboxie-Plus versions prior to 1.17.6
- Sandboxie-Plus core service component (GuiServer.cpp)
- Windows systems running vulnerable Sandboxie-Plus builds
Discovery Timeline
- 2026-07-15 - CVE-2026-45313 published to the National Vulnerability Database
- 2026-07-16 - Last updated in NVD database
Technical Details for CVE-2026-45313
Vulnerability Analysis
The vulnerability categorizes as [CWE-284] Improper Access Control leading to a sandbox escape and local privilege escalation. Sandboxie-Plus uses a privileged service to broker GUI-related operations for sandboxed processes. The GuiServer::WndHookRegisterSlave handler accepts a GUI_WND_HOOK_REGISTER request from a client and records the caller-provided hthread (thread handle) and hproc (function pointer) values without validation.
When GuiServer::WndHookNotifySlave later processes the registered hook, it invokes OpenThread(THREAD_SET_CONTEXT, FALSE, whk->hthread) to obtain a thread handle, then calls QueueUserAPC((PAPCFUNC)whk->hproc, hThread, (ULONG_PTR)req->threadid). Because these calls execute in the context of the SbieSvc service running as SYSTEM, the attacker-supplied function pointer runs at SYSTEM privilege inside a host process outside the sandbox.
Root Cause
The root cause is missing validation of cross-process trust boundaries. The handler does not verify that the supplied thread ID belongs to the sandboxed caller, nor that the function pointer references executable memory in the caller's address space. Both hthread and hproc are treated as trusted input despite originating from a sandboxed, untrusted client.
Attack Vector
A process confined by Sandboxie-Plus crafts a GUI_WND_HOOK_REGISTER request that specifies a target thread ID belonging to an unsandboxed process and a hproc value pointing to attacker-controlled shellcode or a LoadLibrary-style gadget. Triggering the notification path causes the privileged service to queue a user-mode APC into that foreign thread. When the target thread enters an alertable wait, the attacker's routine executes as SYSTEM outside the sandbox, defeating the isolation guarantee.
Detection Methods for CVE-2026-45313
Indicators of Compromise
- Unexpected APCs queued into host processes originating from SbieSvc.exe after receiving traffic from sandboxed clients
- Child processes or module loads in unsandboxed processes that were initiated indirectly through the Sandboxie service
- Sandboxie-Plus installations reporting versions earlier than 1.17.6 in enterprise inventory scans
Detection Strategies
- Monitor for SbieSvc.exe interacting with threads in processes that are not registered sandbox members
- Alert on code execution in host processes where the parent activity chain traces back to a sandboxed process
- Track calls to OpenThread with THREAD_SET_CONTEXT followed by QueueUserAPC originating from the Sandboxie service against non-sandbox targets
Monitoring Recommendations
- Inventory all endpoints for Sandboxie-Plus versions and flag any build below 1.17.6
- Enable process creation and image load telemetry on hosts running Sandboxie-Plus
- Correlate sandbox escape indicators with subsequent SYSTEM-level activity such as service creation, credential access, or persistence
How to Mitigate CVE-2026-45313
Immediate Actions Required
- Upgrade Sandboxie-Plus to version 1.17.6 or later on all endpoints
- Restrict which users can launch sandboxed processes on shared or multi-user systems until patching is complete
- Audit sandbox configurations to ensure untrusted workloads are not running under vulnerable builds
Patch Information
The issue is fixed in Sandboxie-Plus 1.17.6. Refer to the GitHub Release v1.17.6 notes and the GitHub Security Advisory GHSA-rmv3-fhg3-75xh for the fix that adds validation of the supplied thread ownership and function pointer address space before invoking OpenThread and QueueUserAPC.
Workarounds
- No official workaround exists; upgrading to 1.17.6 is the supported remediation
- Stop the SbieSvc service and avoid running untrusted code under Sandboxie-Plus until the update is applied
- Limit sandboxed process execution to non-privileged interactive sessions to reduce exposure of high-value host processes
# Verify installed Sandboxie-Plus version on Windows (PowerShell)
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" |
Where-Object { $_.DisplayName -like "Sandboxie-Plus*" } |
Select-Object DisplayName, DisplayVersion
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

