A vulnerability in Spotify’s open-source Backstage project allowed researchers to exploit virtual machine (VM) sandbox escape to perform Remote Code Execution (RCE).

Researchers discovered a vulnerability that could have allowed threat actors to exploit a VM sandbox escape using a third-party library. According to cybersecurity firm Oxeye, the critical flaw could lead to data loss if exploited.