python · praisonaiCritical

praisonai: SandlockSandbox silently falls back to SubprocessSandbox when Landlock unavailable

SandlockSandbox.execute() and run_command() silently fall back to SubprocessSandbox when Landlock is unavailable, bypassing filesystem and network restrictions.

19 Jun 2026Read 1 minSeverity: act now

What changed

SandlockSandbox.execute() and run_command() silently fall back to SubprocessSandbox when Landlock is unavailable, bypassing filesystem and network restrictions.

Who it affects

Users relying on SandlockSandbox for untrusted code isolation on systems without Landlock support.

What to do today

Upgrade to a fixed version once available, or ensure Landlock is available on the host, or avoid using SandlockSandbox on systems without Landlock.

The trail

Collected→ Audited→ Written→ Published

Source

GitHub Advisory · praisonai

praisonai: SandlockSandbox silently falls back to SubprocessSandbox when Landlock unavailable

What changed

Who it affects

What to do today

More on praisonai

pypdf: Unbounded memory usage when parsing PDF without /Length

praisonai-platform: Cross-tenant integrity violation in issue endpoints