This weekend Vladislav Zorov reported a vulnerability in pengine sandboxing.
This vulnerability allows any user who can create a pengine to execute unconstrained prolog code, including process_create.
The vulnerability can be triggered simply by loading pengines.
This vulnerability was patched with commit
We recommend all pengines users upgrade to this release or later.
Big thanks to Vladislav.