A critical sandbox escape vulnerability exists in Frappe Framework ERPNext version 13.4.0 affecting the RestrictedPython component. The vulnerability allows authenticated users with System Manager privileges to execute arbitrary system commands by exploiting frame introspection capabilities. Attackers can create malicious server scripts through the /app/server-script endpoint and use the gi_frame attribute to traverse the call stack. This enables them to escape the restricted Python sandbox and invoke os.popen to execute system-level commands, leading to potential full system compromise.