CVE-2026-25586CRITICAL 10.0EPSS p45.7%

CVE-2026-25586CVE-2026-25586

Description

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties, enabling host Object.prototype pollution and persistent cross-sandbox impact. This vulnerability is fixed in 0.8.29.

Scoring

CVSS 3.110.0 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS0.64% probability of exploitation · percentile 45.7% · 2026-06-19T12:03:05Z
Published2026-02-06
Last modified2026-02-18

Underlying weaknesses· 1

CWE-74

References

  1. https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3
  2. https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48
  3. https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')cwe-740%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-25587
CVE
CVE-2026-25142
CVE
CVE-2026-25641
CVE
CVE-2026-25520
CVE
CVE-2026-25881
CVE
CVE-2026-34208
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.