Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

Posted on January 27, 2026

A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution.
The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs.
“One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,”

Leave a Reply Cancel reply

Related Posts

Top Kubernetes Threats in 2024 And How Amazon EKS Mitigates Them

Basic Tips To Ensure Online Safety

Ghosts in the Machine: Spook-tacular Cybersecurity Basics for October

DPRK Actors Deploy VS Code Tunnels for Remote Hacking