CVE-2026-32603
MEDIUM
Sandboxie kernel driver denial of service via malformed IOCTL from sandboxed process
Title source: cna
Description
Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the \Device\SandboxieDriverApi driver, triggering an immediate kernel crash (BSOD). The vulnerability affects the Standard Sandbox configuration both with and without dropped administrator privileges, but does not affect the Security Hardened Sandbox configuration. This issue has been fixed in version 1.17.3. Users who cannot update can use the Security Hardened Sandbox configuration as a workaround.
References (2)
Core References
x_refsource_confirm
https://github.com/sandboxie-plus/Sandboxie/security/advisories/GHSA-vvf8-cf4j-v8fv
x_refsource_misc
https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.3
Scores
CVSS v3
6.5
EPSS
0.0015
EPSS Percentile
4.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (2)
sandboxie-plus/sandboxie
< 1.17.3
sandboxie-plus/Sandboxie
< 1.17.3
Published
May 05, 2026
Tracked Since
May 06, 2026