Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Grist Labs

Grist Labs Vendor Cyber Rating & Cyber Score

getgrist.com

Grist Labs is a New York-based startup reimagining software to manage data. From simple to-do lists to project planning to complex research, Grist gives your data—any data—the look and feel of an application, the robustness of a database, and the usability of a spreadsheet. With a real programming interface, and sharing done right, the possibilities are unlimited.


Grist Labs A.I CyberSecurity Scoring

Grist Labs
Company Information
Website:http://www.getgrist.com
Employees number:12
Number of followers:1,217
NAICS:5112
Industry Type:Software Development
Homepage:getgrist.com
Grist Labs Risk Score (AI oriented)
Between 700 and 749
logo
Grist LabsSoftware Development
Updated:
10/03/2026
748/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Grist Labs Global Score (TPRM)
xxxx
logo
Grist LabsSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Grist Labs
Grist LabsModerate
Current Score
748Ba (MODERATE)
01000
1 incidents
-3 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
748Before Incident
JUNE 2026
748Before Incident
MAY 2026
748Before Incident
APRIL 2026
748Before Incident
MARCH 2026
748Before Incident
FEBRUARY 2026
748Before Incident
JANUARY 2026
750Before Incident
Vulnerability
20 Jan 2026Grist Labs
Grist-Core and France’s public sector educational institutions: Grist-Core Vulnerability Enables Malicious Remote Code Execution via Crafted Spreadsheet Formulas

Critical Sandbox Escape Flaw in Grist-Core Patched After Disclosure by Cyera Research Labs

747After Incident
CRITICAL-3
GRICAM1769683332
Critical Sandbox Escape Flaw in Grist-Core Patched After Disclosure by Cyera Research Labs A high-severity sandbox escape vulnerability in Grist-Core, tracked as GHSA-7xvx-8pf2-pv5g (CVSS 9.1), has been patched following responsible disclosure by Cyera Research Labs. The flaw allowed attackers to achieve remote code execution (RCE) by exploiting malicious spreadsheet formulas that bypassed the platform’s Pyodide WebAssembly sandbox, exposing sensitive data and downstream systems. ### Vulnerability Details & Impact Grist-Core, a relational spreadsheet platform, is used by over 1,000 organizations, including France’s public sector educational institutions, to model business data, automate workflows, and integrate Python-based formulas. The platform operates in SaaS and self-hosted configurations, making it a critical data hub with access to customer records, operational metrics, and integration credentials. In SaaS deployments, a successful exploit could lead to RCE within the vendor’s control plane, potentially compromising multi-tenant workflows, credentials, and connected systems. ### Exploit Vectors & Patch Cyera Research Labs identified three distinct sandbox escape methods: 1. Python Class Hierarchy Traversal – Exploited `warnings.catch_warnings` to access full built-ins, enabling direct imports of the `os` module and command execution via `os.system()`. 2. Direct C Library Access – Leveraged `ctypes` to call `ctypes.CDLL(None).system()`, loading the `system()` function from libc via the Emscripten runtime. 3. Emscripten Runtime Manipulation – Used `emscripten_run_script_string()` to execute JavaScript in the host runtime, gaining access to `require('child_process')` and `process.env` for full host compromise. Grist released version 1.7.9 on January 20, 2026, addressing the issue by migrating Pyodide formula execution under Deno by default. This introduces a permission-based mediation layer, blocking sensitive operations unless explicitly granted. Organizations must ensure the `GRIST_PYODIDE_SKIP_DENO` flag is disabled, as enabling it reintroduces the vulnerability. The patch shifts Grist’s security model from a blocklist-based sandbox to a capability-based approach, significantly reducing the risk of formula-based exploitation.
INCIDENT DETAILS -
TYPE
Sandbox Escape Vulnerability
IMPACT
Data Compromised: Sensitive data, customer records, operational metrics, integration credentialsSystems Affected: Grist-Core SaaS and self-hosted deploymentsOperational Impact: Remote code execution (RCE) within vendor’s control plane, potential compromise of multi-tenant workflows and connected systems
DATA BREACH
Type Of Data Compromised: Customer records, operational metrics, integration credentialsSensitivity Of Data: High
DECEMBER 2025
750Before Incident
NOVEMBER 2025
750Before Incident
OCTOBER 2025
750Before Incident
SEPTEMBER 2025
750Before Incident
AUGUST 2025
750Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Grist Labs ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Grist Labs's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Grist Labs's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Grist Labs ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Grist Labs's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?