diff --git a/CHANGES.md b/CHANGES.md
index 4a831b7e4eb..cc070f1bd4c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -20,6 +20,8 @@
 - Introduce a `dirs` field in the `install` stanza to install entire
   directories (#5097, fixes #5059, @rgrinberg)
 
+- Menhir rules are now sandboxed by default (#6076, @rgrinberg)
+
 - Allow rules producing directory targets to create symlinks (#6077, fixes
   #5945, @rgrinberg)
 
diff --git a/src/dune_rules/menhir_rules.ml b/src/dune_rules/menhir_rules.ml
index 45f91e81567..22e51ce2464 100644
--- a/src/dune_rules/menhir_rules.ml
+++ b/src/dune_rules/menhir_rules.ml
@@ -58,6 +58,12 @@ module Run (P : PARAMS) = struct
 
   let expander = Compilation_context.expander cctx
 
+  let sandbox =
+    let scope = Compilation_context.scope cctx in
+    let project = Scope.project scope in
+    if Dune_project.dune_version project < (3, 5) then Sandbox_config.default
+    else Sandbox_config.needs_sandboxing
+
   (* ------------------------------------------------------------------------ *)
 
   (* Naming conventions. *)
@@ -109,7 +115,7 @@ module Run (P : PARAMS) = struct
   let menhir (args : 'a args) :
       Action.Full.t Action_builder.With_targets.t Memo.t =
     Memo.map menhir_binary ~f:(fun prog ->
-        Command.run ~dir:(Path.build build_dir) prog args)
+        Command.run ~sandbox ~dir:(Path.build build_dir) prog args)
 
   let rule ?(mode = stanza.mode) :
       Action.Full.t Action_builder.With_targets.t -> unit Memo.t =