PT-2026-5727 · Sandboxjs · Sandboxjs
C0Rydoras · Published 2026-02-02 · Updated 2026-02-03 · CVE-2026-25142
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SandboxJS versions prior to 0.8.27
Description
SandboxJS is a JavaScript sandboxing library with an issue where the lookupGetter function is not properly restricted. This can allow obtaining prototypes, potentially leading to sandbox escape and remote code execution. The issue affects versions prior to 0.8.27.
Recommendations
Update to SandboxJS version 0.8.27 or later.
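The following is an added illustration of the bug class in the description, not SandboxJS code and not the project's fix. It assumes the advisory's lookupGetter is JavaScript's legacy `Object.prototype.__lookupGetter__` accessor; `naiveGet`, `guardedGet` and `leaksPrototype` are hypothetical names for a sandbox's property-access layer and a regression probe for it.

```javascript
// Added illustration, not SandboxJS source. All names are hypothetical.

// Keys a sandbox's member-access layer should refuse to resolve for guest
// code: prototype-bearing keys plus the legacy Object.prototype accessors.
const DENIED_KEYS = new Set([
  '__proto__', 'constructor', 'prototype',
  '__lookupGetter__', '__lookupSetter__',
  '__defineGetter__', '__defineSetter__',
]);

// Host intrinsics that must never be handed to guest code as values.
const HOST_PROTOTYPES = new Set([
  Object.prototype, Function.prototype, Array.prototype,
]);

// Weak shape: blocks only the obvious key, compared without coercion.
function naiveGet(obj, key) {
  if (key === '__proto__') throw new TypeError('denied');
  return obj[key];
}

// Hardened shape: normalise the key first, then apply the deny list and
// check the resolved value as a second line of defence.
function guardedGet(obj, key) {
  const name = typeof key === 'symbol' ? key : String(key);
  if (DENIED_KEYS.has(name)) {
    throw new TypeError(`access to ${String(name)} is denied`);
  }
  const value = obj[name];
  if (HOST_PROTOTYPES.has(value)) {
    throw new TypeError('host prototype reached through property value');
  }
  return value;
}

// Regression probe for a test suite: true if `get` lets a caller reach
// Object.prototype through the legacy accessor path.
function leaksPrototype(get) {
  try {
    const target = {};
    const lookup = get(target, '__lookupGetter__');
    if (typeof lookup !== 'function') return false;
    const getter = lookup.call(target, '__proto__');
    return typeof getter === 'function' &&
      getter.call(target) === Object.prototype;
  } catch (err) {
    return false; // the access layer refused the lookup
  }
}
```

A probe like `leaksPrototype` belongs in the test suite of any code that mediates property access for untrusted scripts, so that a missed accessor shows up as a failing test.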
Exploit
Fix
Code Injection
Prototype Pollution
Affected Products
Sandboxjs