Description
Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the \Device\SandboxieDriverApi driver, triggering an immediate kernel crash (BSOD). The vulnerability affects the Standard Sandbox configuration both with and without dropped administrator privileges, but does not affect the Security Hardened Sandbox configuration. This issue has been fixed in version 1.17.3. Users who cannot update can use the Security Hardened Sandbox configuration as a workaround.
Published: 2026-05-05
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Sandboxie kernel driver. An unprivileged process inside a Standard Sandbox can send a malformed IOCTL to the \Device\SandboxieDriverApi driver, causing an immediate kernel crash and resulting in a blue screen. This denial of service can be triggered even when the sandboxed process has dropped administrator privileges, but it does not affect the Security Hardened Sandbox configuration.

Affected Systems

Sandboxie software, versions 1.17.2 and older, running on Windows, is affected. The issue occurs specifically when using the Standard Sandbox configuration. The Security Hardened Sandbox configuration is not impacted.

Risk and Exploitability

The CVSS score of 8.2 indicates a high severity. Since the exploit is local and requires an unprivileged process inside the sandbox, the likelihood depends on the user running potentially malicious code within a Standard Sandbox. The vulnerability is not listed in the CISA KEV catalog and the EPSS score is not available, but the ability to force a system crash makes it a high‑impact local denial of service. The attacker can trigger this behavior by sending a crafted packet to the driver from within the sandboxed environment.

Generated by OpenCVE AI on May 5, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Sandboxie to version 1.17.3 or later, which contains the proper validation for IOCTL requests.
  • If an upgrade is not possible, enable the Security Hardened Sandbox configuration to prevent the vulnerable driver from receiving malicious IOCTLs.
  • As a temporary measure, avoid running untrusted or potentially malicious code inside a Standard Sandbox until an update can be applied.

Generated by OpenCVE AI on May 5, 2026 at 20:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Sandboxie-plus
Sandboxie-plus sandboxie
Vendors & Products Sandboxie-plus
Sandboxie-plus sandboxie

Tue, 05 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL to the \Device\SandboxieDriverApi driver, triggering an immediate kernel crash (BSOD). The vulnerability affects the Standard Sandbox configuration both with and without dropped administrator privileges, but does not affect the Security Hardened Sandbox configuration. This issue has been fixed in version 1.17.3. Users who cannot update can use the Security Hardened Sandbox configuration as a workaround.
Title Sandboxie kernel driver denial of service via malformed IOCTL from sandboxed process
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 8.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H'}

Subscriptions

Sandboxie-plus Sandboxie
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-05T18:57:29.773Z

Reserved: 2026-03-12T14:54:24.269Z

Link: CVE-2026-32603

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-05T20:16:35.540

Modified: 2026-05-05T20:16:35.540

Link: CVE-2026-32603

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T22:30:33Z

Weaknesses