CVE-2026-26954

Critical CVSS: 10.0

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This vulnerability is fixed in 0.8.34.

Vendor

Nyariv

Product

Sandboxjs

CWE

CWE-94

Yayın Tarihi

2026-03-13 19:54:31

Güncelleme

2026-03-17 20:13:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 Sandboxjs CRITICAL Nyariv 2026

Referanslar

https://github.com/nyariv/SandboxJS/security/advisories/GHSA-6r9f-759j-hjgv https://github.com/nyariv/SandboxJS/security/advisories/GHSA-6r9f-759j-hjgv

Benzer Kayıtlar

Medium

CVE-2026-32723

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global…

Critical

CVE-2026-25881

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to m…

Critical

CVE-2026-25641

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch…

Critical

CVE-2026-25520

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.val…

Critical

CVE-2026-25586

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty…

Critical

CVE-2026-25587

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtain…