A
sandbox escape breaks out of an isolated execution environment to access the host system or other sandboxes — exploiting the hypervisor, container runtime, or browser sandbox.
Sandbox escapes are rare and high-value (often zero-days). Browser-to-OS escape chains are extremely valuable. Container escape exploits are more common (misconfigured --privileged containers). Defense: keep hypervisors and container runtimes patched.