CVE-2026-6224: NocoBase Workflow JavaScript RCE Vulnerability

CVE-2026-6224 Overview

A sandbox escape vulnerability has been discovered in the NocoBase plugin-workflow-javascript plugin, affecting versions up to and including 2.0.23. This security flaw exists in the createSafeConsole function within the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. The vulnerability allows attackers to break out of the intended JavaScript sandbox environment, potentially leading to unauthorized code execution on the server.

Critical Impact

Remote attackers can exploit this sandbox escape vulnerability to bypass security restrictions in the workflow JavaScript execution environment, potentially gaining unauthorized access to server resources and compromising application integrity.

Affected Products

• NocoBase plugin-workflow-javascript versions up to 2.0.23
• NocoBase installations utilizing the JavaScript workflow plugin
• Self-hosted and cloud deployments running vulnerable plugin versions

Discovery Timeline

• 2026-04-13 - CVE-2026-6224 published to NVD
• 2026-04-13 - Last updated in NVD database

Technical Details for CVE-2026-6224

Vulnerability Analysis

This vulnerability is classified under CWE-264 (Permissions, Privileges, and Access Controls), indicating a fundamental flaw in how the JavaScript sandbox environment enforces security boundaries. The createSafeConsole function in the Vm.js file is designed to provide a restricted console object within the sandboxed JavaScript execution environment. However, due to improper isolation, attackers can manipulate this function to escape the sandbox constraints.

The NocoBase workflow plugin allows users to define custom JavaScript workflows that execute on the server side. To prevent malicious code execution, these scripts are intended to run within a sandboxed VM environment with limited access to Node.js primitives and system resources. The sandbox escape vulnerability undermines these protections entirely.

Root Cause

The root cause lies in improper implementation of the sandbox isolation mechanism within the createSafeConsole function. The function fails to adequately restrict access to JavaScript prototype chains or Node.js internals, allowing crafted JavaScript code to traverse object references and access privileged objects outside the sandbox boundary. This is a common pitfall in JavaScript sandbox implementations where seemingly safe objects can be used to reach unsafe contexts through prototype pollution or constructor access.

Attack Vector

The attack can be initiated remotely by any user with access to create or modify JavaScript workflow scripts in NocoBase. An attacker would craft a malicious JavaScript payload designed to exploit the sandbox escape, injecting it into a workflow definition. When the workflow executes, the malicious code breaks out of the sandbox environment, potentially allowing:

• Execution of arbitrary system commands
• Access to sensitive server-side data
• Modification of application state or database contents
• Lateral movement within the hosting infrastructure

The exploit has been publicly disclosed, and the vendor was notified but did not respond to the disclosure. Technical details are available in the GitHub CVE Draft Document.

Detection Methods for CVE-2026-6224

Indicators of Compromise

• Unexpected JavaScript workflow executions containing prototype chain traversal patterns
• Workflow logs showing attempts to access constructor, __proto__, or process objects
• Unusual server-side activity following workflow execution, such as spawned child processes
• Error logs indicating attempted access to restricted Node.js modules from workflow contexts

Detection Strategies

• Implement logging and monitoring on all JavaScript workflow executions to capture script content
• Deploy runtime application self-protection (RASP) to detect sandbox escape attempts
• Configure SentinelOne Singularity to monitor for anomalous process spawning from Node.js applications
• Review workflow definitions for suspicious JavaScript patterns including prototype manipulation

Monitoring Recommendations

• Enable verbose logging for the NocoBase workflow engine to capture all script executions
• Monitor the server process for unexpected child process creation or file system access
• Set up alerts for any attempts to access Node.js core modules from sandboxed contexts
• Utilize SentinelOne's behavioral AI to detect post-exploitation activity following sandbox escape

How to Mitigate CVE-2026-6224

Immediate Actions Required

• Disable or restrict access to the JavaScript workflow plugin until a patch is available
• Audit existing workflows for any suspicious or untrusted JavaScript code
• Limit workflow creation privileges to trusted administrators only
• Consider removing the plugin-workflow-javascript plugin if not essential to operations

Patch Information

As of the last update on 2026-04-13, no official patch has been released by the vendor. According to the vulnerability disclosure, the vendor was contacted but did not respond. Organizations should monitor the VulDB entry and NocoBase official channels for patch availability. Until a fix is released, implementing the workarounds below is strongly recommended.

Workarounds

• Disable the JavaScript workflow plugin entirely by removing it from the NocoBase installation
• Implement network segmentation to limit the blast radius if sandbox escape occurs
• Deploy Web Application Firewall (WAF) rules to filter potentially malicious workflow content
• Run NocoBase in a containerized environment with minimal privileges and restricted capabilities
• Apply the principle of least privilege to the Node.js process running NocoBase

# Disable the vulnerable plugin by removing from plugins directory
cd /path/to/nocobase
rm -rf packages/plugins/@nocobase/plugin-workflow-javascript

# Alternatively, if using Docker, run with restricted capabilities
docker run --cap-drop=ALL --cap-add=NET_BIND_SERVICE \
  --read-only --tmpfs /tmp \
  --security-opt=no-new-privileges \
  nocobase/nocobase:latest