CVE-2026-35482: alf.io has an Authenticated RCE via Extension Script Sandbox Escape
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the server. The extension system is intended to execute restricted JavaScript in a sandboxed Rhino environment; however, a combination of an unguarded injected Java object (`returnClass`) and an incomplete AST blocklist allows the sandbox to be fully escaped using Java reflection without triggering any validation errors. Version 2.0-M5-2606 patches the issue.
Metrics
- CVSS v3.1: 8.0
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is an authenticated remote code execution (RCE) vulnerability in alf.io, an open-source ticket reservation system. An attacker with administrator-level access can craft a malicious extension script that escapes the JavaScript sandbox using Java reflection, bypassing the intended restrictions of the Rhino scripting engine, and execute arbitrary operating system commands on the host server. Successful exploitation gives full command execution on the server. No fix version has been published yet; HarborGuard tracks the upstream advisory and will make a patched-image rebuild available as soon as a fix is released.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that bundle alf.io. No manual feed configuration is required to receive coverage.
Status: Available
HarborGuard scores this finding at CVSS 8.0 (HIGH) and weights it against each environment's compliance policy to determine urgency and routing. The resulting alert is directed to the team inbox or on-call channel configured for that workload inside each customer organization.
Status: Available
Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment version 2.0-M5-2606 or a later fix is released. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered without manual intervention once that upstream version is available.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
  The attacker must reach the alf.io service over the network; the service must be accessible from the attacker's position on the internet or internal network.
- Authentication: Required
  A valid administrator account is required; any lower-privilege account is not sufficient to access the extension script engine.
- Victim interaction: Not required
  No user interaction is needed; the attacker triggers the sandbox escape entirely through their own requests.
- Attack complexity: Detail
  Exploitation involves constructing a specific Java reflection chain through the unguarded injected object, meaning some knowledge of the sandbox internals is required, though no race conditions or environment-specific memory layout factors apply.
Blast Radius
- Executes arbitrary operating system commands on the host server, giving the attacker the same privileges as the alf.io process.
- Reads any file accessible to that process, including database credentials, private keys, and event attendee records stored on disk or reachable via the local network.
- Modifies or deletes server files, database contents, and configuration, including attendee registration data and payment-related records.
- Crashes or disrupts the alf.io service and any co-located services reachable from the compromised process.
How HarborGuard Handles This
Available on HarborGuard: this CVE is matched against all images in connected registries and pipelines from the moment of ingestion, with no fix version currently published upstream. HarborGuard monitors the alf.io advisory on every ingest cycle and will make a patched-image rebuild available automatically once version 2.0-M5-2606 or a later upstream release is confirmed. In the interim, compensating controls worth considering include restricting network access to the alf.io administrative interface via network policy (limiting which source IPs or internal services can reach the admin endpoints), auditing extension scripts already installed for suspicious Java reflection patterns, and using egress filtering on the alf.io container to limit what the process can reach if execution does occur. For customers with auto-remediation enabled, the full rebuild, regression test run, and PR against affected workloads will be triggered automatically once the upstream patch is available.
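One of the compensating controls above is auditing installed extension scripts for Java reflection patterns. The following is an added example of such an audit (not HarborGuard's or alf.io's own tooling): it flags lines that reference the injected `returnClass` object named in the advisory or common Rhino-to-Java reflection and process-spawning bridges. The two sample scripts are constructed, and the helper names they use (`executeScript`, `log`, `simpleHttpClient`, `extensionParameters`) are assumed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Patterns that should not appear in a restricted alf.io extension script.
# `returnClass` is the unguarded injected object named in the advisory; the
# others are generic ways a Rhino script reaches Java reflection or processes.
REFLECTION_PATTERNS: Dict[str, re.Pattern] = {
    "injected returnClass object": re.compile(r"\breturnClass\b"),
    "Java class handle via getClass()": re.compile(r"\.getClass\s*\("),
    "Class.forName / classloader lookup": re.compile(r"\bforName\s*\(|\bgetClassLoader\s*\("),
    "java.lang.reflect usage": re.compile(r"java\.lang\.reflect|\bgetMethod\s*\(|\bgetDeclared\w+\s*\("),
    "Packages/Java host bridge": re.compile(r"\bPackages\.|\bjava\.lang\.|\bJavaAdapter\b"),
    "process execution API": re.compile(r"\bProcessBuilder\b|\bRuntime\b"),
}

def audit_extension_script(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, finding_label, offending_line) for each hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in REFLECTION_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
    return findings

def audit_all(scripts: Dict[str, str]) -> Dict[str, List[Tuple[int, str, str]]]:
    """Audit a name -> source mapping; only scripts with findings are returned."""
    return {name: f for name, src in scripts.items() if (f := audit_extension_script(src))}

# Constructed sample scripts (not real alf.io extensions): one benign webhook
# and one that touches the injected object and asks it for a Java class handle.
SAMPLE_SCRIPTS = {
    "benign-webhook.js": """
function executeScript(scriptEvent) {
    log.info('reservation confirmed: ' + scriptEvent.reservationId);
    return simpleHttpClient.post(extensionParameters.webhookUrl, {});
}
""",
    "suspicious.js": """
function executeScript(scriptEvent) {
    var handle = returnClass.getClass();
    log.info(handle.getName());
}
""",
}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_SCRIPTS).items():
        for lineno, label, text in findings:
            print(f"{name}:{lineno}: {label}: {text}")
```

Treat every hit as something to review by hand rather than a verdict; a flagged script is not necessarily malicious, but a restricted extension has no legitimate reason to reach these APIs.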
- alfio-event / alf.io: < 2.0-M5-2606
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H