Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

by CybrGPT

A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a single malicious spreadsheet formula.

The issue was uncovered by Cyera Research Labs and affects Grist’s Python formula execution layer, where untrusted formulas are evaluated inside a Pyodide WebAssembly sandbox.

The flaw has been assigned a CVSS score of 9.1 and has now been patched following coordinated disclosure with the Grist-Core security team.

How Spreadsheet Data Became an Execution Vector

Grist-Core is a programmable alternative to Excel and Google Sheets, used to model data, automate workflows and build lightweight applications.

It is deployed both as a managed software-as-a-service (SaaS) offering and in self-hosted environments, placing it close to customer records, credentials and operational systems. That positioning significantly increases the impact of any failure in execution isolation.

The vulnerability allows a formula author to escape the Pyodide sandbox and execute operating system commands or JavaScript in the host runtime. Cyera Research Labs demonstrated that Python’s object model, combined with the availability of ctypes and exposed Emscripten runtime hooks, enables traversal paths that should not be reachable from a spreadsheet cell. As a result, routine data processing becomes an execution surface.

This approach is notable because it does not resemble traditional injection attacks. The exploit is delivered as legitimate spreadsheet content and follows the same data-processing paths Grist uses to evaluate formulas. Once the boundary collapses, the spreadsheet ceases to be a passive document and instead acts as a beachhead for host-level compromise.


Why the SaaS Blast Radius Matters

The risk extends beyond individual servers. In managed SaaS deployments, formula execution occurs inside vendor-operated environments that hold customer data and integrations.

In that model, a sandbox escape is not just local RCE but a compromise inside the control plane that runs multiple tenants’ workflows. Grist effectively functions as a programmable data plane, sitting between SaaS systems, internal databases and operational processes.

Public information shows Grist adoption across government, including France’s public sector, more than 1000 higher-education organizations and commercial teams in marketing and game design. Cyera highlighted that these are production environments handling real operational data, not edge cases.

The vulnerability enables outcomes such as access to environment variables, sensitive configuration files and credentials, with potential for lateral movement into adjacent systems.

Grist fixed the issue in version 1.7.9 by running Pyodide under Deno by default, adding a permission-based isolation layer. Operators are advised to upgrade promptly, avoid bypassing Deno and treat formula execution as a privileged capability rather than ordinary spreadsheet content.
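A defender-side check that follows from the escape path and the mitigation described above, added here as an example and not code from Cyera Research Labs or the Grist project: it parses stored cell formulas with Python's ast module and flags the indicators the article names (ctypes, the Emscripten/JS bridge, dunder walks of the object model), so an operator can review formulas before trusting them as privileged content. Assumptions: the RISKY_MODULES set (js and pyodide are Pyodide's module names for the JS bridge) and the `$Col` to `rec.Col` rewrite, which mirrors Grist's formula shorthand.

```python
import ast
import re
import textwrap
# The article names ctypes and the Emscripten/JS runtime bridge as the escape
# path; "js" and "pyodide" are Pyodide's module names for that bridge.
RISKY_MODULES = {"ctypes", "js", "pyodide"}

def _wrap(formula: str) -> str:
    """Mimic the shape Grist compiles: '$Col' stands for 'rec.Col' and the
    body becomes a function, so multi-line formulas with 'return' parse."""
    body = re.sub(r"\$(\w+)", r"rec.\1", formula)
    return "def formula(rec):\n" + textwrap.indent(body, "    ")

class _Finder(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def _check_module(self, name):
        if name.split(".")[0] in RISKY_MODULES:
            self.findings.append(f"access to module {name}")

    def visit_Import(self, node):
        for alias in node.names:
            self._check_module(alias.name)

    def visit_ImportFrom(self, node):
        self._check_module(node.module or "")

    def visit_Call(self, node):
        # Dynamic form: __import__("ctypes") evades the static import checks.
        if isinstance(node.func, ast.Name) and node.func.id == "__import__":
            if node.args and isinstance(node.args[0], ast.Constant):
                self._check_module(str(node.args[0].value))
        self.generic_visit(node)

    def visit_Attribute(self, node):
        # Dunder attribute chains walk the object model rather than cell data.
        if node.attr.startswith("__") and node.attr.endswith("__"):
            self.findings.append(f"dunder attribute {node.attr}")
        self.generic_visit(node)

def audit_formula(formula: str) -> list:
    """Return review findings for one formula; an empty list means clean."""
    try:
        tree = ast.parse(_wrap(formula))
    except SyntaxError as exc:
        return [f"unparseable formula: {exc.msg}"]
    finder = _Finder()
    finder.visit(tree)
    return finder.findings
```

A non-empty result is a review trigger, not proof of an exploit; the check is static, so it will not see indirection such as getattr with a computed name.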
