CRITICAL🇵🇱 Wersja polska

CVE-2026-25142

CVSS 10.0v3.1pub. 2026-02-02upd. 2026-02-18

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27.

🤖 AI Analysis
How it works

SandboxJS does not block calls to __lookupGetter__, which is a mechanism allowing reading accessor methods (getters) assigned to object properties. An attacker can use this method to obtain a reference to JavaScript object prototypes, which should normally be inaccessible from sandboxed code. Gaining access to prototypes enables bypassing sandbox restrictions and executing arbitrary code outside its boundaries (prototype pollution or direct environment privilege escalation).

Impact

An attacker can escape the isolated JavaScript environment and execute arbitrary code on the server side or in the application hosting the library (RCE). This results in complete loss of confidentiality, integrity, and availability of the system.

Mitigation & patch

Update the SandboxJS library to version 0.8.27 or newer, in which the vulnerability has been removed. The update is available in the project's GitHub repository (commit 75c8009db32e6829b0ad92ca13bf458178442bd3).

Who is affected

Nyariv SandboxJS library in all versions before 0.8.27.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Nyariv Sandboxjs

    APP
    Nyariv
    < 0.8.27
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-43898CRITICAL10.0PL ✓ten sam produkt

SandboxJS: ucieczka z piaskownicy przez Function.caller i RCE

CVE-2026-34208CRITICAL10.0PL ✓ten sam produkt

SandboxJS: obejście ochrony sandbox przez ścieżkę konstruktora

CVE-2026-26954CRITICAL10.0PL ✓ten sam produkt

Ucieczka z sandbox w bibliotece Nyariv SandboxJS (RCE)

CVE-2026-25881CRITICAL9.0PL ✓ten sam produkt

SandboxJS: ucieczka z sandboxu i prototype pollution umożliwiająca RCE

CVE-2026-25586CRITICAL10.0PL ✓ten sam produkt

SandboxJS — ucieczka z sandbox przez shadowing hasOwnProperty