{"data":{"id":"96e92dc5-0861-4552-9dc5-21f4f2b57e59","title":"GHSA-27vp-2mmc-vmh3: nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`","summary":"A sandbox escape vulnerability in nono (a sandboxing tool using Landlock/seccomp, which are Linux security features that restrict what programs can do) allows processes running inside the sandbox to break out by communicating with systemd over D-Bus sockets (D-Bus is the inter-process communication system used to control the systemd user service manager). An AI agent or untrusted tool with bash access could exploit this to write files or run commands outside the sandbox with the user's permissions.","solution":"The source states: 'Support for restricting this behavior has since been added and the fix is available in the repository pending release.' However, no specific version number, patch details, or explicit mitigation steps are provided in the text.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-27vp-2mmc-vmh3","publishedAt":"2026-05-28T19:55:40.000Z","cveId":"CVE-2026-47128","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["nono-cli@< 0.55.0 (fixed: 0.55.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Aider","Claude Code","OpenCode","nono"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-28T19:55:40.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}