A critical vulnerability has been discovered in SandboxJS, a popular library designed to safely execute untrusted JavaScript code. The flaw, tracked as CVE-2026-25881, allows malicious code to escape its confinement and modify the host application’s core logic, potentially leading to Remote Code Execution (RCE).
For developers relying on SandboxJS to run user-submitted scripts or isolate plugins, this vulnerability renders the safety net effectively useless.
The vulnerability centers on a sophisticated method of bypassing the sandbox’s security checks. The library marks certain objects as protected with a flag, isGlobal. However, researchers found a way to strip this protection by passing the object through an array.
According to the security advisory, the flaw “allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries”.
In simple terms, when a malicious script places a protected object (like Map.prototype) into an array and then retrieves it, the security system loses track of the “taint” or protection marker.
“When a global prototype reference… is placed into an array and retrieved, the isGlobal taint is stripped, permitting direct prototype mutation from within the sandbox,” the report explains.
Once the attacker has mutated the host’s prototypes, the consequences are severe. This technique, known as Prototype Pollution, effectively allows the attacker to rewrite the rules of the running application.
“This results in persistent host-side prototype pollution and may enable RCE in applications that use polluted properties in sensitive sinks,” the advisory warns.
The report highlights a specific “gadget” or attack scenario where this pollution could lead to command execution: “example gadget: execSync(obj.cmd)”. By polluting a property used by a function like execSync, an attacker could trick the host server into running arbitrary system commands.
The maintainers have addressed this critical “sandbox escape” in the latest release. The vulnerability affects versions prior to 0.8.31.
Developers using SandboxJS are urged to upgrade immediately, as “This vulnerability is fixed in 0.8.31”. Until the patch is applied, any application running untrusted code via this library should be considered at risk of full compromise.
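A host-side integrity check in the spirit of this advisory, added here as an example that is not part of the article or of SandboxJS: it snapshots the own properties of the built-in prototypes before untrusted code runs, fails closed if any were added, replaced or removed afterwards, and shows the own-property read that defuses a sink like execSync(obj.cmd). The GUARDED list, the function names and the simulated pollution value are assumptions, not anything from the advisory.

```javascript
// Added example (not SandboxJS code). Detects the effect the advisory describes
// (host prototype pollution), not the escape itself; upgrading remains the fix.
const GUARDED = [Object, Array, Function, String, Map, Set, Promise]; // assumed watch list
// Snapshot: constructor name -> Map(key -> {value, get, set}) for every own key
function snapshotPrototypes(ctors = GUARDED) {
  const snap = new Map();
  for (const C of ctors) {
    const entries = new Map();
    for (const key of Reflect.ownKeys(C.prototype)) {
      const d = Object.getOwnPropertyDescriptor(C.prototype, key);
      entries.set(key, { value: d.value, get: d.get, set: d.set });
    }
    snap.set(C.name, entries);
  }
  return snap;
}

// Compare two snapshots and list the differences (String() handles symbol keys)
function diffPrototypes(before, after) {
  const findings = [];
  for (const [name, old] of before) {
    const cur = after.get(name);
    for (const [key, d] of cur) {
      const o = old.get(key);
      if (!o) findings.push(`${name}.prototype: added ${String(key)}`);
      else if (o.value !== d.value || o.get !== d.get || o.set !== d.set)
        findings.push(`${name}.prototype: replaced ${String(key)}`);
    }
    for (const key of old.keys())
      if (!cur.has(key)) findings.push(`${name}.prototype: deleted ${String(key)}`);
  }
  return findings;
}

// Run untrusted code (e.g. a sandbox invocation) and fail closed if the host
// prototypes changed, even when the untrusted code itself threw.
function runWithPrototypeGuard(runUntrusted) {
  const before = snapshotPrototypes();
  let result, error;
  try { result = runUntrusted(); } catch (e) { error = e; }
  const findings = diffPrototypes(before, snapshotPrototypes());
  if (findings.length) throw new Error('host prototype pollution detected: ' + findings.join('; '));
  if (error) throw error;
  return result;
}

// Gadget hardening: obj.cmd reads through the prototype chain, so a polluted
// Object.prototype.cmd would be honoured. Accept only own, string-typed values.
function ownString(obj, key) {
  return Object.hasOwn(obj, key) && typeof obj[key] === 'string' ? obj[key] : undefined;
}
```

Pair the guard with a null-prototype object (Object.create(null)) for any configuration that reaches a sensitive sink, so inherited properties cannot be looked up at all.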