A critical security flaw has been disclosed in Grist‑Core, an
open-source, self-hosted version of the Grist relational
spreadsheet-database, that could result in remote code execution.
The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has
been codenamed Cellbreak by Cyera Research Labs. "One malicious
formula can turn a spreadsheet into a Remote Code Execution (RCE)
beachhead,"
Read more https://thehackernews.com/2026/01/critical-grist-core-vulnerability.html
