CVE-2026-25520

Critical CVSS: 10.0

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox. This vulnerability is fixed in 0.8.29.

Vendor

Nyariv

Product

Sandboxjs

CWE

CWE-74

Yayın Tarihi

2026-02-06 20:16:10

Güncelleme

2026-02-18 14:33:15

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-74 Sandboxjs CRITICAL Nyariv 2026

Referanslar

https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3 https://github.com/nyariv/SandboxJS/security/advisories/GHSA-58jh-xv4v-pcx4 https://github.com/nyariv/SandboxJS/security/advisories/GHSA-58jh-xv4v-pcx4

Benzer Kayıtlar

Medium

CVE-2026-32723

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global…

Critical

CVE-2026-26954

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, whic…

Critical

CVE-2026-25881

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to m…

Critical

CVE-2026-25641

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch…

Critical

CVE-2026-25586

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty…

Critical

CVE-2026-25587

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtain…