CRITICAL🇵🇱 Wersja polska

CVE-2026-25587

CVSS 10.0v3.1pub. 2026-02-06upd. 2026-02-18

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29.

🤖 AI Analysis
How it works

The vulnerability results from the fact that the Map type is included in the SAFE_PROTOTYPES list, making its prototype accessible via Map.prototype inside the sandbox. An attacker can override the Map.prototype.has method with their own implementation, which leads to breaking the sandbox isolation mechanisms. This enables arbitrary JavaScript code execution outside the controlled environment.

Impact

An attacker can escape from the isolated sandbox environment and execute arbitrary code (RCE) in the context of the host application, potentially gaining full control over the system — including confidentiality, integrity, and availability of data (CWE-94: Code Injection).

Mitigation & patch

Update the SandboxJS library to version 0.8.29 or newer, where the vulnerability has been patched. The fix is available in the project's GitHub repository (commit 67cb186c41c78c51464f70405504e8ef0a6e43c3).

Who is affected

Nyariv SandboxJS library in versions prior to 0.8.29.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Nyariv Sandboxjs

    APP
    Nyariv
    < 0.8.29
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-43898CRITICAL10.0PL ✓ten sam produkt

SandboxJS: ucieczka z piaskownicy przez Function.caller i RCE

CVE-2026-34208CRITICAL10.0PL ✓ten sam produkt

SandboxJS: obejście ochrony sandbox przez ścieżkę konstruktora

CVE-2026-26954CRITICAL10.0PL ✓ten sam produkt

Ucieczka z sandbox w bibliotece Nyariv SandboxJS (RCE)

CVE-2026-25881CRITICAL9.0PL ✓ten sam produkt

SandboxJS: ucieczka z sandboxu i prototype pollution umożliwiająca RCE

CVE-2026-25520CRITICAL10.0PL ✓ten sam produkt

Ucieczka z sandboxa w SandboxJS — wykonanie kodu poza piaskownicą