Campus France A.I CyberSecurity Scoring
Campus France
Company Information
Website:http://www.campusfrance.org
Employees number:595
Number of followers:2,000
NAICS:6113
Industry Type:Higher Education
Homepage:campusfrance.org
Campus France Risk Score (AI oriented)
Between 750 and 799
Campus FranceHigher Education
Updated:
10/03/2026
10/03/2026
758/1000
Fair
Baa
Campus France Global Score (TPRM)
xxxx
Campus FranceHigher Education
Score locked

Campus FranceFair
Current Score
758Baa (FAIR)
01000
1 incidents
-20 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
755
JUNE 2026
754
MAY 2026
754
APRIL 2026
754
MARCH 2026
758
FEBRUARY 2026
757
JANUARY 2026
777
Vulnerability
20 Jan 2026 • Campus France
Grist-Core and France’s public sector educational institutions: Grist-Core Vulnerability Enables Malicious Remote Code Execution via Crafted Spreadsheet Formulas
Critical Sandbox Escape Flaw in Grist-Core Patched After Disclosure by Cyera Research Labs
757
CRITICAL-20
GRICAM1769683332
Critical Sandbox Escape Flaw in Grist-Core Patched After Disclosure by Cyera Research Labs
A high-severity sandbox escape vulnerability in Grist-Core, tracked as GHSA-7xvx-8pf2-pv5g (CVSS 9.1), has been patched following responsible disclosure by Cyera Research Labs. The flaw allowed attackers to achieve remote code execution (RCE) by exploiting malicious spreadsheet formulas that bypassed the platform’s Pyodide WebAssembly sandbox, exposing sensitive data and downstream systems.
### Vulnerability Details & Impact
Grist-Core, a relational spreadsheet platform, is used by over 1,000 organizations, including France’s public sector educational institutions, to model business data, automate workflows, and integrate Python-based formulas. The platform operates in SaaS and self-hosted configurations, making it a critical data hub with access to customer records, operational metrics, and integration credentials.
In SaaS deployments, a successful exploit could lead to RCE within the vendor’s control plane, potentially compromising multi-tenant workflows, credentials, and connected systems.
### Exploit Vectors & Patch
Cyera Research Labs identified three distinct sandbox escape methods:
1. Python Class Hierarchy Traversal – Exploited `warnings.catch_warnings` to access full built-ins, enabling direct imports of the `os` module and command execution via `os.system()`.
2. Direct C Library Access – Leveraged `ctypes` to call `ctypes.CDLL(None).system()`, loading the `system()` function from libc via the Emscripten runtime.
3. Emscripten Runtime Manipulation – Used `emscripten_run_script_string()` to execute JavaScript in the host runtime, gaining access to `require('child_process')` and `process.env` for full host compromise.
Grist released version 1.7.9 on January 20, 2026, addressing the issue by migrating Pyodide formula execution under Deno by default. This introduces a permission-based mediation layer, blocking sensitive operations unless explicitly granted. Organizations must ensure the `GRIST_PYODIDE_SKIP_DENO` flag is disabled, as enabling it reintroduces the vulnerability.
The patch shifts Grist’s security model from a blocklist-based sandbox to a capability-based approach, significantly reducing the risk of formula-based exploitation.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
777
NOVEMBER 2025
777
OCTOBER 2025
777
SEPTEMBER 2025
777
AUGUST 2025
777
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Campus France ??
What was Campus France's A.I Rankiteo Cyber Score in June 2026 ??
What was Campus France's A.I Rankiteo Cyber Score in May 2026 ??
What was Campus France's A.I Rankiteo Cyber Score in April 2026 ??
What was Campus France's A.I Rankiteo Cyber Score in March 2026 ??
What was Campus France's A.I Rankiteo Cyber Score in February 2026 ??
What was Campus France's A.I Rankiteo Cyber Score in January 2026 ??
What was Campus France's A.I Rankiteo Cyber Score in December 2025 ??
What was Campus France's A.I Rankiteo Cyber Score in November 2025 ??
What was Campus France's A.I Rankiteo Cyber Score in October 2025 ??
What was Campus France's A.I Rankiteo Cyber Score in September 2025 ??
What was Campus France's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Campus France's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Campus France ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Campus France's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?