HIGH 8.0

CVE-2026-35482: alf.io Sandbox Escape Allows Admin Command Execution

alf.io, an open-source ticketing platform for conferences and events, contains a critical sandbox escape flaw in its extension script engine. An authenticated administrator can exploit this vulnerability to run arbitrary commands on the server. The flaw stems from an improperly protected Java object exposed to the sandboxed JavaScript environment, combined with gaps in code validation that allow attackers to use Java reflection to break out of the sandbox entirely. This requires administrator credentials to exploit, but once compromised, grants complete control over the underlying server.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.0 HIGH · CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Weaknesses (CWE)
CWE-863
Affected products
0 configuration(s)
Published / Modified
2026-06-02 / 2026-06-17

NVD description (verbatim)

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the server. The extension system is intended to execute restricted JavaScript in a sandboxed Rhino environment; however, a combination of an unguarded injected Java object (`returnClass`) and an incomplete AST blocklist allows the sandbox to be fully escaped using Java reflection without triggering any validation errors. Version 2.0-M5-2606 patches the issue.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-35482 is a sandbox escape vulnerability in alf.io versions prior to 2.0-M5-2606. The extension system uses a Rhino JavaScript engine configured to run untrusted scripts in a restricted sandbox; however, an injected Java object named `returnClass` is exposed without proper guards, and the AST (Abstract Syntax Tree) blocklist is incomplete. An authenticated administrator can chain these weaknesses through Java reflection mechanisms to escape the sandbox and execute arbitrary OS commands with server privileges. The vulnerability does not require special network conditions or user interaction beyond initial administrator authentication.

Business impact

A compromised administrator account—whether through credential theft, insider threat, or prior breach—becomes a pivot point for full server compromise. An attacker can install backdoors, exfiltrate event data and attendee information, modify ticketing records, or launch lateral attacks into the broader infrastructure. For conference organizers and event platforms, this threatens data confidentiality, event integrity, and operational continuity. Remediation requires patching before any untrusted administrator activity occurs or before credential compromise.

Affected systems

alf.io versions prior to 2.0-M5-2606 are affected. The vulnerability requires administrator-level access to the alf.io application to exploit. Any deployment of an older alf.io instance with administrative users is at risk. The open-source nature of alf.io means affected versions may be running on internal event management systems, SaaS platforms, or community deployments.

Exploitability

Exploitation is straightforward once administrator credentials are obtained, but requires that initial authentication barrier. An attacker with admin access can craft a malicious extension script that uses Java reflection to break the sandbox—no complex techniques or timing are necessary. The incomplete AST blocklist means standard reflection APIs are not filtered. The CVSS score of 8.0 (HIGH) reflects the high impact of OS-level command execution balanced against the prerequisite of administrator authentication and network accessibility.

Remediation

Upgrade alf.io to version 2.0-M5-2606 or later. This patch hardens the sandbox by properly guarding the injected Java object and completing the AST blocklist to block dangerous reflection patterns. After patching, audit administrator account activity logs for any suspicious extension script uploads or executions that occurred before the upgrade. Review administrator access permissions and rotate credentials for any accounts that may have been exposed or misused.

Patch guidance

Apply the patch to version 2.0-M5-2606 or any subsequent release. Verify the version number in your alf.io instance (typically visible in the admin interface or web UI footer). Test the upgrade in a non-production environment first to ensure compatibility with any custom extensions or configurations. Once patched, restart the alf.io service to ensure the hardened sandbox is active. If running a multi-instance deployment, prioritize patching instances with sensitive event data or high-profile events first.

Detection guidance

Monitor alf.io extension script uploads and executions. Look for administrator activity logs showing new or modified extension scripts, especially those containing suspicious patterns like references to Java classes, reflection APIs, or `returnClass` object access. Check for unexpected OS command execution originating from the alf.io application process (via system audit logs or EDR tools). Review web access logs for unusual administrative actions immediately preceding system compromise indicators. Organizations using alf.io should implement application-level logging of all extension script operations and tie that to security monitoring.

Why prioritize this

This vulnerability rates HIGH severity due to the combination of complete OS command execution capability and broad impact scope (confidentiality, integrity, availability all affected). Although it requires administrator authentication, insider threats and credential compromise are common attack vectors. The open-source and community-driven nature of alf.io means patches may be applied slowly across deployments, extending the window of exposure. Any organization running alf.io should treat patching as a priority within their standard patch window.

Risk score, explained

The CVSS 3.1 score of 8.0 (HIGH) is justified by: (1) High impact across confidentiality, integrity, and availability (C:H, I:H, A:H)—an attacker gains unrestricted OS command execution; (2) Network accessibility (AV:N)—alf.io is typically accessed over a network; (3) High privilege requirement (PR:H)—exploitation requires administrator role, which limits the attack surface but does not eliminate it; (4) Complex attack conditions (AC:H)—the attacker must craft a specific payload to trigger the sandbox escape; (5) Changed scope (S:C)—successful exploitation can affect resources beyond the vulnerable component. The score appropriately reflects a serious but not critical flaw, contingent on prior authentication or compromise.

Frequently asked questions

Do I need administrator credentials to exploit this?

Yes. The vulnerability requires authentication as an administrator within alf.io. This means an attacker must either obtain admin credentials through phishing, credential theft, insider threat, or a prior breach, or the threat must come from an untrusted internal administrator. This is an important control boundary—organizations should enforce strong access controls for administrative accounts.

Can this be exploited remotely without any user action?

No. An attacker must first authenticate to alf.io as an administrator, then upload or create a malicious extension script that triggers the sandbox escape. While the network is accessible remotely (AV:N), the prerequisite authentication step means this is not a wormable or massively scannable vulnerability.

What does patching to 2.0-M5-2606 actually fix?

The patch hardens the sandbox by removing or properly guarding the exposed `returnClass` Java object and completing the AST blocklist to block reflection-based attacks. This prevents the chain of techniques used to escape the sandbox. However, patching does not provide retroactive detection of past exploitation—organizations should audit logs for suspicious administrator activity prior to patching.

If we're not running alf.io, should we care about this?

Only if alf.io is used within your organization for event management or ticketing. alf.io is purpose-built for conferences and meetings, so exposure is limited to organizations actively using it. Check your infrastructure inventory to confirm whether alf.io is deployed.

This analysis is based on the published CVE description and CVSS vector as of the modification date. Readers should verify patch availability and version numbers against official alf.io release notes and security advisories. Organizations should test patches in non-production environments before deployment. The absence of a KEV listing does not indicate absence of real-world exploitation risk; readers should maintain their own threat intelligence and incident response capabilities. This vulnerability requires administrator authentication, but insider threats and credential compromise are common; organizations should enforce least-privilege access and multi-factor authentication for administrative accounts. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).