Critical SandboxJS Vulnerability Lets Attackers Take Over Hosts
Key Takeaways
- A critical vulnerability, CVE-2026-43898, has been discovered in SandboxJS, a popular JavaScript sandboxing library.
- The flaw allows attackers to completely escape the sandbox environment and execute arbitrary code on the host system.
- All versions of the @nyariv/sandboxjs package up to and including 0.9.5 are affected.
- The vulnerability carries the maximum CVSS score of 10.0.
- A patched version, 0.9.6, is available on npm, and immediate updates are strongly recommended.
Critical SandboxJS Flaw Exposes Hosts to Complete Takeover
A severe security vulnerability has been identified in SandboxJS, a widely utilized JavaScript sandboxing library distributed via npm. This critical flaw enables malicious actors to bypass the sandbox’s isolation, gaining the ability to execute arbitrary code directly on the underlying host system, posing a significant threat to applications relying on the library for secure script execution.
Designated as CVE-2026-43898, this vulnerability has been assigned the highest possible CVSS score of 10.0, signifying its maximum severity. The flaw impacts all versions of the @nyariv/sandboxjs package up to and including version 0.9.5. The core issue stems from sandboxed functions inadvertently exposing a critical internal callback, LispType.Call.
Once sandboxed code obtains a reference to this callback, it can use it to step outside the sandbox’s boundaries and take control of the underlying host environment. The implications are profound: the result is arbitrary code execution on the host, with no authentication or user interaction required beyond getting a script accepted for execution. Whether the flaw is remotely reachable depends on how the application receives its scripts, but any application that uses the vulnerable library to execute untrusted JavaScript should treat itself as exposed to complete system compromise.
Discovery and Disclosure
The flaw was published as a GitHub security advisory under the identifier GHSA-g8f2-4f4f-5jqw. Credit for reporting it goes to a security researcher known as Macabely, who also provided a working proof-of-concept (PoC) demonstrating the sandbox escape.
How the Sandbox Escape Works
The vulnerability resides in the property access logic of the prop.ts file, specifically in the addOps function. The flaw allows sandboxed code to read the caller, callee, and arguments properties of functions. These are legacy, non-standard properties: caller in particular exists only on non-strict functions and returns whichever function most recently invoked the function it is read from. In the CommonJS build of the library, this oversight lets a sandboxed function such as function f(){ return f.caller } return the internal host-side callback that initiated the sandboxed execution.
This leaked callback is the LispType.Call operation, responsible for managing function calls within the runtime. Crucially, this handler accepts a params object and directly utilizes its fields without validating whether these fields originated from a trusted executor. This lack of validation allows an attacker to manipulate these fields, crafting malicious input that tricks the handler into performing unintended operations.
By chaining a series of carefully constructed calls through the leaked callback, an attacker can extract the host’s own Function constructor. With the host’s Function constructor in hand, the attacker can compile and execute arbitrary JavaScript directly on the host, outside any sandbox restriction. The PoC demonstrates this by executing a system command via Node.js’s built-in child_process module.
Remote Code Execution and the Broader Risk
The CVSS score of 10.0 reflects how the vector is rated: network attack vector, low attack complexity, no privileges required, and no user interaction. The “Changed” scope rating captures the essence of a sandbox escape: a successful exploit does not stop at the vulnerable component (the sandbox) but reaches the host system the sandbox was meant to protect.
Any platform or application that employs SandboxJS to execute untrusted JavaScript is directly exposed to this threat. This encompasses a wide range of systems, including online code editors, server-side scripting environments, automation platforms, and any application designed to process external or user-submitted scripts. A successful sandbox escape grants attackers full control over the confidentiality, integrity, and availability of the compromised host.
A patched version, 0.9.6, is now available on npm. This update addresses the root cause of the vulnerability by restricting access to the caller, callee, and arguments properties within sandboxed code.
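The mechanism described under “How the Sandbox Escape Works” and the fix described just above can both be seen in a toy model. The following is an added illustration written for this article, not code from SandboxJS, and it does not reproduce the library’s interpreter, prop.ts or LispType.Call: untrusted source is compiled with the Function constructor and every property read goes through a guard that stands in for the library’s property-access logic. The names hostExecutor, makeGetter, runUntrusted, PAYLOAD and attemptEscape are hypothetical. The payload returns typeof process rather than running a shell command, which is enough to show that code compiled through the leaked host Function sees the host’s globals.

```javascript
// Added illustration, not SandboxJS code. A toy sandbox that compiles untrusted
// source with Function and routes every property read through a guard, standing
// in for the library's property-access logic. Toggling the guard reproduces the
// class of leak the article describes and the kind of restriction the patch adds.

const FORBIDDEN = new Set(['caller', 'callee', 'arguments']);

// Property-access check of the toy sandbox. deny=false models the pre-fix
// behaviour (any property readable), deny=true the restriction in the patch.
function makeGetter(deny) {
  return function get(obj, key) {
    if (deny && FORBIDDEN.has(key)) {
      throw new Error(`sandbox: property "${key}" is not accessible`);
    }
    return obj[key];
  };
}

// Host-side executor that invokes sandboxed code (the role of the internal
// callback in the article). Built with Function so it is a non-strict function:
// V8 reports strict callers as null through `.caller`, which would hide the
// leak if this file were loaded as an ES module (strict by default).
const hostExecutor = new Function('fn', 'get', 'return fn(get, fn);');

// Compile untrusted source into a (non-strict) function and run it through the
// host executor. `get` is the only property-access primitive the code receives;
// `self` is its own function object, the role `f` plays in
// `function f(){ return f.caller }`.
function runUntrusted(source, deny) {
  const fn = new Function('get', 'self', source);
  return hostExecutor(fn, makeGetter(deny));
}

// Untrusted payload: reach the host executor through `.caller`, walk
// `.constructor` to the host Function, and compile new host-level code with it.
const PAYLOAD = `
  var leaked = get(self, 'caller');            // the host executor
  var HostFunction = get(leaked, 'constructor'); // the host's Function
  return HostFunction('return typeof process')();
`;

// Run the payload against the unguarded (deny=false) or guarded (deny=true)
// sandbox and report whether it got out.
function attemptEscape(deny) {
  try {
    return { escaped: true, result: runUntrusted(PAYLOAD, deny) };
  } catch (err) {
    return { escaped: false, result: err.message };
  }
}

console.log('unpatched:', attemptEscape(false)); // escaped: true, result: 'object'
console.log('patched:  ', attemptEscape(true));  // escaped: false, access to "caller" denied
```

The toy makes one point the article only states: nothing about the leaked function is special in itself. Any host function object handed to sandboxed code is one .constructor away from the host’s Function, so a sandbox has to deny every route by which such an object can be obtained, of which caller, callee and arguments are the legacy ones.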
What You Should Do
- Immediate Update: All users of the @nyariv/sandboxjs package are strongly advised to update to version 0.9.6 or later immediately.
- Isolate Untrusted Code: If an immediate update is not feasible, stop executing untrusted JavaScript through the affected library until the patch has been applied and tested in your environment.
- Review Dependencies: Developers should audit their project dependencies to identify any reliance on vulnerable versions of SandboxJS.
- Implement Least Privilege: Run any process that executes sandboxed JavaScript with the minimum privileges it needs on the host, ideally as a dedicated unprivileged process or container with no access to credentials or data it does not need, so that an escape yields as little as possible.
- Monitor for Exploitation: Watch the processes that host SandboxJS for behaviour a script runner should not exhibit, such as spawning child processes (the PoC runs a system command through child_process), unexpected file access, or outbound connections to unfamiliar destinations.
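For the dependency review step, the copy of the library that matters is not only the one listed in package.json: a plugin or transitive dependency can pin its own nested copy at 0.9.5 while the top-level install is already at 0.9.6. The following is an added example (not from the article or the SandboxJS project) that scans an npm lockfile in the lockfileVersion 2/3 layout, where each installed package is keyed under "packages" by its node_modules path, and reports every copy of @nyariv/sandboxjs at or below 0.9.5. SAMPLE_LOCK is a constructed lockfile; isVulnerable and findVulnerable are hypothetical helper names.

```javascript
// Added example, not from the article or the SandboxJS project: find every
// installed copy of @nyariv/sandboxjs (top-level or nested) at or below 0.9.5
// in an npm lockfile of lockfileVersion 2 or 3.

const PACKAGE = '@nyariv/sandboxjs';
const FIXED_IN = '0.9.6';

// Parse "major.minor.patch" with an optional pre-release tag. Build metadata
// after "+" is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] !== undefined };
}

// True when `version` predates the fixed release. A pre-release of the fixed
// version (e.g. 0.9.6-beta.1) sorts below 0.9.6 and is treated as vulnerable.
function isVulnerable(version) {
  const a = parseVersion(version);
  const b = parseVersion(FIXED_IN);
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre && !b.pre;
}

// Walk the "packages" map of a parsed lockfile. The key "" is the root project
// and is skipped; every other key is a node_modules path, so nested copies such
// as node_modules/<dep>/node_modules/@nyariv/sandboxjs are found as well.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '' || !path.endsWith('node_modules/' + PACKAGE)) continue;
    if (entry.version && isVulnerable(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the top-level copy is fixed, but "some-plugin"
// pins its own nested copy at the last vulnerable release.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { [PACKAGE]: '^0.9.0', 'some-plugin': '1.0.0' } },
    'node_modules/@nyariv/sandboxjs': { version: '0.9.6' },
    'node_modules/some-plugin': { version: '1.0.0', dependencies: { [PACKAGE]: '0.9.5' } },
    'node_modules/some-plugin/node_modules/@nyariv/sandboxjs': { version: '0.9.5' },
  },
};

console.log(JSON.stringify(findVulnerable(SAMPLE_LOCK), null, 2));
```

To run it against a real project, replace SAMPLE_LOCK with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')). Lockfiles with lockfileVersion 1 use a nested "dependencies" tree instead of the flat "packages" map and are not handled here; npm ls @nyariv/sandboxjs covers those.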
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.