{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25586", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-03T01:02:46.715Z", "datePublished": "2026-02-06T19:54:38.446Z", "dateUpdated": "2026-02-06T20:17:19.095Z"}, "containers": {"cna": {"title": "SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48"}, {"name": "https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3", "tags": ["x_refsource_MISC"], "url": "https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3"}], "affected": [{"vendor": "nyariv", "product": "SandboxJS", "versions": [{"version": "< 0.8.29", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T19:54:38.446Z"}, "descriptions": [{"lang": "en", "value": "SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties, enabling host Object.prototype pollution and persistent cross-sandbox impact. This vulnerability is fixed in 0.8.29."}], "source": {"advisory": "GHSA-jjpw-65fv-8g48", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T20:17:14.791538Z", "id": "CVE-2026-25586", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T20:17:19.095Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25586", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-06T20:17:14.791538Z"}}}], "references": [{"url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T20:17:03.787Z"}}], "cna": {"title": "SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution", "source": {"advisory": "GHSA-jjpw-65fv-8g48", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nyariv", "product": "SandboxJS", "versions": [{"status": "affected", "version": "< 0.8.29"}]}], "references": [{"url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48", "name": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3", "name": "https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties, enabling host Object.prototype pollution and persistent cross-sandbox impact. This vulnerability is fixed in 0.8.29."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T19:54:38.446Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25586", "state": "PUBLISHED", "dateUpdated": "2026-02-06T20:17:19.095Z", "dateReserved": "2026-02-03T01:02:46.715Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-06T19:54:38.446Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nyariv:sandboxjs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "5822AD4C-2C8E-4196-9149-A626F0572E05", "versionEndExcluding": "0.8.29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties, enabling host Object.prototype pollution and persistent cross-sandbox impact. This vulnerability is fixed in 0.8.29."}], "id": "CVE-2026-25586", "lastModified": "2026-02-18T14:32:36.463", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-06T20:16:10.770", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T22:29:18.225895+00:00", "value": {"mitigation_remediation": ["Update SandboxJS to version 0.8.29 or later to eliminate the prototype whitelist bypass.", "Until the update can be applied, reject or sanitize all untrusted code that could be passed to SandboxJS; avoid executing scripts that might overwrite hasOwnProperty.", "Monitor the application runtime for unexpected changes to Object.prototype and log such events to detect potential exploitation early."], "summary": {"action": "Apply Patch", "impact": "Sandbox Escape"}, "threat_synthesis": {"affected_systems": "nyariv\u2019s SandboxJS library, all releases prior to 0.8.29, is affected. The library is used in Node.js environments to evaluate untrusted JavaScript code.", "description_and_impact": "SandboxJS is a JavaScript sandboxing library. In versions before 0.8.29, an attacker can shadow the hasOwnProperty method on a sandbox instance, disabling the library\u2019s prototype whitelist. This allows direct access to __proto__ and other blocked prototype properties, leading to host Object.prototype pollution that persists across sandbox boundaries and undermines isolation.", "risk_and_exploitability": "The CVSS score is 10, but the EPSS score is less than 1\u202f%, indicating a very low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires execution within a SandboxJS instance, typically when untrusted code is evaluated. By overriding hasOwnProperty, an attacker can access __proto__ and pollute Object.prototype, affecting all sandboxed code sharing the same host context."}}}}, "created": "2026-02-09T10:50:10.768855+00:00", "updated": "2026-04-17T22:30:29.600419+00:00", "vendors": ["nyariv", "nyariv$PRODUCT$sandboxjs"]}