FKIE_CVE-2026-23830
Vulnerability from fkie_nvd - Published: 2026-01-28 00:15 - Updated: 2026-02-12 20:47
Summary
SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.
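The mapping gap described above, as an added example (not SandboxJS source): a constructor-replacement map checked against all four function-constructor intrinsics, so that a map covering only `Function` is flagged. `safeStub`, `buildMap`, `resolveProperty` and `missingConstructors` are hypothetical names; `resolveProperty` only stands in for the guarded property access the summary attributes to `executor.ts`.

```javascript
// Added illustration; not SandboxJS source. All names here are hypothetical.

// The four function-constructor intrinsics. Only Function is a global;
// the other three are reachable only through an instance's .constructor.
const FUNCTION_CONSTRUCTORS = {
  Function,
  AsyncFunction: (async () => {}).constructor,
  GeneratorFunction: (function* () {}).constructor,
  AsyncGeneratorFunction: (async function* () {}).constructor,
};

// Stand-in for a sandboxed constructor: refuses to compile source text.
function safeStub() {
  throw new Error('dynamic function creation is blocked');
}

// Build a host-value -> safe-replacement map covering the named intrinsics.
function buildMap(names) {
  return new Map(names.map((n) => [FUNCTION_CONSTRUCTORS[n], safeStub]));
}

// Stand-in for guarded property access: return the replacement when the
// resolved value is in the map, otherwise the raw host value.
function resolveProperty(map, obj, prop) {
  const value = obj[prop];
  return map.has(value) ? map.get(value) : value;
}

// Coverage check: which function constructors would pass through unreplaced?
function missingConstructors(map) {
  return Object.keys(FUNCTION_CONSTRUCTORS)
    .filter((n) => !map.has(FUNCTION_CONSTRUCTORS[n]));
}

// Map with only Function replaced, as the summary describes before 0.8.26.
const incomplete = buildMap(['Function']);
// Map with all four constructors replaced.
const complete = buildMap(Object.keys(FUNCTION_CONSTRUCTORS));

console.log('unmapped (Function only):', missingConstructors(incomplete));
console.log('unmapped (all four):', missingConstructors(complete));
console.log('async .constructor replaced:',
  resolveProperty(complete, async () => {}, 'constructor') === safeStub);
```

A check like `missingConstructors` fits in a unit test for any allow-list or replacement-map sandbox, since these constructors never appear when enumerating global properties.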
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nyariv:sandboxjs:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "39569A92-6C8F-4E00-8280-F8AA92EA4150",
"versionEndExcluding": "0.8.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () =\u003e {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability."
},
{
"lang": "es",
"value": "SandboxJS es una librer\u00eda de sandboxing de JavaScript. Las versiones anteriores a la 0.8.26 tienen una vulnerabilidad de escape de sandbox debido a que `AsyncFunction` no est\u00e1 aislada en `SandboxFunction`. La librer\u00eda intenta aplicar un sandbox a la ejecuci\u00f3n de c\u00f3digo reemplazando el constructor global `Function` con una versi\u00f3n segura y con sandbox (`SandboxFunction`). Esto se maneja en `utils.ts` mapeando `Function` a `sandboxFunction` dentro de un mapa utilizado para b\u00fasquedas. Sin embargo, antes de la versi\u00f3n 0.8.26, la librer\u00eda no inclu\u00eda mapeos para `AsyncFunction`, `GeneratorFunction` y `AsyncGeneratorFunction`. Estos constructores no son propiedades globales, pero se puede acceder a ellos a trav\u00e9s de la propiedad `.constructor` de una instancia (por ejemplo, `(async () =\u0026gt; {}).constructor`). En `executor.ts`, se maneja el acceso a propiedades. Cuando el c\u00f3digo que se ejecuta dentro del sandbox accede a `.constructor` en una funci\u00f3n as\u00edncrona (que el sandbox permite crear), el `executor` recupera el valor de la propiedad. Dado que `AsyncFunction` no estaba en el mapa de reemplazo seguro, el `executor` devuelve el constructor `AsyncFunction` nativo real del host. Los constructores para funciones en JavaScript (como `Function`, `AsyncFunction`) crean funciones que se ejecutan en el \u00e1mbito global. Al obtener el constructor `AsyncFunction` del host, un atacante puede crear una nueva funci\u00f3n as\u00edncrona que se ejecuta completamente fuera del contexto del sandbox, eludiendo todas las restricciones y obteniendo acceso total al entorno del host (ejecuci\u00f3n remota de c\u00f3digo). La versi\u00f3n 0.8.26 corrige esta vulnerabilidad."
}
],
"id": "CVE-2026-23830",
"lastModified": "2026-02-12T20:47:16.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-01-28T00:15:50.170",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/nyariv/SandboxJS/commit/345aee6566e47979dee5c337b925b141e7f78ccd"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-wxhw-j4hc-fmq6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
},
{
"lang": "en",
"value": "CWE-693"
},
{
"lang": "en",
"value": "CWE-913"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}