A critical security flaw has been disclosed in Grist Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs. "One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,"
Published: 2026-01-27T16:06:00