CVE-2026-25641
CRITICAL
GHSA-7x3h-rm86-3342
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4Description
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is never enforced. So, attackers can pass malicious objects that coerce to different string values when used, e.g., one for the time the key is sanitized using hasOwnProperty(key) and a different one for when the key is used for the actual property access. This vulnerability is fixed in 0.8.29.
Analysis
SandboxJS has a fifth CVSS 10.0 escape via a TOCTOU race condition in sandbox validation, allowing code to slip through during the check-execute gap.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems and applications using SandboxJS and identify current versions; establish incident response readiness. Within 7 days: Deploy patch to version 0.8.29 or later across all affected systems; prioritize production environments first. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today