Notifications
Clear all
Topic starter
07/06/2026 8:12 pm
TL;DR: A Pyodide sandbox escape in Grist-Core can turn a spreadsheet formula into remote code execution, with access to host commands, environment secrets, and downstream systems in SaaS or self-hosted deployments, according to Cyera Research Labs. The real failure is assuming formula logic is harmless content when it is an execution layer.
NHIMG editorial — based on content published by Cyera: Cellbreak, Grist’s Pyodide Sandbox Escape and the Data-at-Risk Blast Radius
Questions worth separating out
Q: What breaks when spreadsheet formulas can reach host execution?
A: The spreadsheet stops being a content container and becomes an execution surface.
Q: Why do sandbox escapes create such a large risk in data workflow tools?
A: Because these tools often sit between business data, SaaS integrations, and privileged credentials.
Q: How do security teams know if a formula engine is too privileged?
A: Look for three signals: reachable host commands, access to runtime libraries or embedded hooks, and network or filesystem paths that exceed the platform’s business need.
Practitioner guidance
- Map formula execution as a privileged workload Inventory every workflow or spreadsheet platform that evaluates user-supplied formulas, then document which host capabilities, file paths, and network destinations the runtime can still reach.
- Remove easy-access secrets from execution hosts Move API keys, tokens, and service credentials out of environment variables and readable config files wherever the formula runtime can touch them.
- Constrain authorship and modification rights Limit who can create or edit formulas in collaborative workspaces, and treat imported documents as potentially hostile until they pass review.
What's in the full article
Cyera's full research covers the operational detail this post intentionally leaves for the source:
- Exact escape payloads for os.system(), ctypes.CDLL(None).system(), and emscripten_run_script_string().
- Patch behaviour in Grist 1.7.9 and the effect of running Pyodide under Deno by default.
- Deployment caveats such as GRIST_PYODIDE_SKIP_DENO=1 and what it changes in practice.
- Proof-of-concept flow from HTTP submission to wasm_worker.js evaluation and host execution.
👉 Read Cyera's analysis of the Grist Pyodide sandbox escape and blast radius →
Grist sandbox escape: what it means for data-plane security?
Explore further
07/06/2026 10:01 pm
Formula engines are part of the execution plane, not just the data plane. The moment a spreadsheet evaluates untrusted logic, it inherits the same governance burden as any privileged runtime. Cyera’s findings show that a document boundary can hide a code-execution boundary, which means shared workflow systems must be assessed as identity-adjacent execution surfaces, not as content repositories. Practitioners should classify formula authoring, formula evaluation, and connected integrations as one trust zone.
A few things that frame the scale:
- The average organisation believes more than 1 in 5 of their non-human identities are insufficiently secured, according to The 2024 ESG Report: Managing Non-Human Identities.
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, which shows the issue is already operational rather than hypothetical.
A question worth separating out:
Q: What should teams do first after a formula sandbox escape is disclosed?
A: Prioritise containment before broadening use. Patch or disable the vulnerable execution path, revoke exposed credentials, confirm which deployments are affected, and remove any secrets or integrations the runtime should not have been able to touch. Then reassess who is allowed to author formulas and how much trust the workflow tool is given.
👉 Read our full editorial: Grist Pyodide sandbox escape shows how data planes fail
