In the world of secure software development, sandboxing is the ultimate safety net—a controlled environment designed to run untrusted code without letting it touch the “real” system. However, a critical security vulnerability discovered in SandboxJS has proven that even the most reinforced walls can have a hidden door.
The flaw, tracked as CVE-2026-34208, carries a maximum CVSS score of 10.0, signaling a total breach of sandbox integrity that allows malicious code to escape its confines and manipulate the host application.
The security model of SandboxJS was built on a straightforward premise: block any direct attempt to overwrite global objects. For example, if a piece of code tried to redefine a core function like Math.random, the sandbox would throw a SandboxAccessError, effectively stopping the attack in its tracks.
However, researchers found that while the “front door” (direct assignment) was locked, the “back service entrance” was left wide open.
The vulnerability exists because the sandbox exposes its own internal constructor, SandboxGlobal, to the code running inside it. By accessing this.constructor, an attacker can reach a host function that performs arbitrary property writes internally—bypassing the assignment checks entirely.
As the technical details reveal, “Attacker code reaches a host callable that performs writes internally… The call path does not enforce equivalent global-mutation restrictions”.
By using the .call() method on this constructor, an attacker can choose any target on the host—such as the Math or JSON objects—and inject malicious logic.
Perhaps the most dangerous aspect of this escape is its “memory.” Once an attacker overwrites a host object like Math.random, that mutation persists.
The report notes, “The mutation is visible immediately in host runtime and in fresh sandbox instances, proving cross-context persistence and sandbox boundary break”.
In a real-world scenario, this means an attacker could “poison” the entire application process. Every future sandbox started by the app would inherit the malicious changes, potentially leading to supply chain attacks or total data exfiltration within the host environment.
To secure your environment, security experts recommend making sure you are using the latest version of SandboxJS, where the SandboxGlobal constructor is properly shielded from the guest runtime.
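Because the mutation described above persists in the host runtime, a host can also snapshot built-ins such as Math and JSON before guest code runs and compare them afterwards. The following is an added example, not code from SandboxJS or from the report; runGuarded and its runUntrusted callback are hypothetical names standing in for the host's own sandbox call, and the watched prototype list is an assumption.

```javascript
// Added example (not SandboxJS code): detect and undo tampering with host built-ins.
// Math and JSON are the targets the article names; the prototypes are an assumption.
const WATCHED = {
  Math, JSON,
  'Object.prototype': Object.prototype,
  'Array.prototype': Array.prototype,
  'Function.prototype': Function.prototype,
};

// Record every own property descriptor of the watched objects.
function snapshotBuiltins(targets = WATCHED) {
  const snap = [];
  for (const [name, obj] of Object.entries(targets)) {
    for (const key of Reflect.ownKeys(obj)) {
      snap.push({ name, obj, key, desc: Object.getOwnPropertyDescriptor(obj, key) });
    }
  }
  return snap;
}

// Compare live state with the snapshot; report replaced, deleted and added keys.
function findTampering(snap, targets = WATCHED) {
  const findings = [];
  const known = new Map(Object.values(targets).map((obj) => [obj, new Set()]));
  for (const { name, obj, key, desc } of snap) {
    known.get(obj).add(key);
    const now = Object.getOwnPropertyDescriptor(obj, key);
    const path = `${name}.${String(key)}`;
    if (!now) findings.push({ path, change: 'deleted', obj, key, desc });
    else if (!Object.is(now.value, desc.value) || now.get !== desc.get || now.set !== desc.set)
      findings.push({ path, change: 'replaced', obj, key, desc });
  }
  for (const [name, obj] of Object.entries(targets)) {
    for (const key of Reflect.ownKeys(obj)) {
      if (!known.get(obj).has(key)) findings.push({ path: `${name}.${String(key)}`, change: 'added', obj, key });
    }
  }
  return findings;
}

// Run a callback that executes untrusted code, then verify and repair the host.
function runGuarded(runUntrusted) {
  const snap = snapshotBuiltins();
  let findings = [];
  try { runUntrusted(); } finally {
    findings = findTampering(snap);
    for (const f of findings) {
      if (f.change === 'added') delete f.obj[f.key];
      else Object.defineProperty(f.obj, f.key, f.desc); // throws if made non-configurable
    }
  }
  return findings.map(({ path, change }) => ({ path, change }));
}
```

Any non-empty result should be logged and treated as a sandbox boundary break; if the repair throws, recycle the process rather than starting further sandbox instances in it.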