PT-2026-6653 · Sandboxjs · Sandboxjs
C0Rydoras · Published 2026-02-05 · Updated 2026-02-09 · CVE-2026-25587
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SandboxJS versions prior to 0.8.29
Description
SandboxJS is a JavaScript sandboxing library. Prior to version 0.8.29, the prototype of the Map object, which is present in SAFE PROTOTYPES, can be accessed via Map.prototype. By overwriting the Map.prototype.has function, the sandbox can be escaped, potentially leading to remote code execution. The issue stems from a bug in the let implementation: using let instead of const to declare a variable referencing Map.prototype results in undefined. This allows manipulation of the Map.prototype.has function. A proof-of-concept (PoC) demonstrates the ability to execute arbitrary commands, such as listing directory contents, by redefining Map.prototype.has to call isFinite.constructor with a malicious string.
Recommendations
Versions prior to 0.8.29 should be updated to version 0.8.29 to address this issue.
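The description turns on a host-side Map lookup whose has method untrusted code was able to replace. The following added example (not from the advisory and not SandboxJS code; it does not use the SandboxJS API, and all names such as allowList and untrustedOverwrite are hypothetical) models that weakness in plain JavaScript and shows two general hardening patterns: calling a captured intrinsic instead of dispatching through the prototype, and freezing the prototype. It is not a description of the fix shipped in 0.8.29.

```javascript
'use strict';

// Captured at start-up, before untrusted code runs, so later edits to
// Map.prototype cannot change which function the host actually calls.
const originalMapHas = Map.prototype.has;

// Constructed host state: prototypes this hypothetical host agrees to expose.
const allowList = new Map([[Array.prototype, true], [Map.prototype, true]]);

// Weak check: resolves "has" through Map.prototype at call time.
function isAllowedWeak(proto) {
  return allowList.has(proto);
}

// Hardened check: invokes the captured intrinsic directly.
function isAllowedHardened(proto) {
  return Reflect.apply(originalMapHas, allowList, [proto]);
}

// Stand-in for untrusted code that holds a writable reference to the shared
// prototype. It only changes the answer of has(); nothing else is modelled.
function untrustedOverwrite(mapProto) {
  mapProto.has = function () { return true; };
}

// Runs both checks on a prototype that is NOT in the allow list, before and
// after the overwrite, then restores the original method.
function demo() {
  const notListed = Function.prototype;
  const before = [isAllowedWeak(notListed), isAllowedHardened(notListed)];
  let after;
  try {
    untrustedOverwrite(Map.prototype);
    after = [isAllowedWeak(notListed), isAllowedHardened(notListed)];
  } finally {
    Map.prototype.has = originalMapHas;
  }
  return { before, after };
}

// Second layer: a frozen prototype rejects the write altogether.
function frozenRejectsWrite() {
  const proto = Object.freeze({ has() { return false; } });
  const original = proto.has;
  try { untrustedOverwrite(proto); } catch (e) { /* TypeError in strict mode */ }
  return proto.has === original;
}

console.log(demo(), frozenRejectsWrite());
```

After the overwrite the weak check accepts a prototype that was never listed, while the hardened check still rejects it.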
Exploit
Fix
Code Injection
Special Elements Injection
Related Identifiers
Affected Products
Sandboxjs