A significant security flaw has been discovered in SandboxJS, a popular JavaScript sandboxing library available on npm. This vulnerability allows malicious actors to escape the sandbox environment and execute arbitrary code on the host system.
Critical Security Threat
Identified as CVE-2026-43898, the flaw carries a CVSS score of 10.0, the maximum possible, which places it in the critical band.
All versions of the @nyariv/sandboxjs package up to and including 0.9.5 are affected. The root cause is that functions defined inside the sandbox leak a powerful internal runtime callback, LispType.Call, to the sandboxed code that defined them.
Once sandboxed code holds a reference to that callback, it can drive it with attacker-chosen arguments and reach beyond the sandbox into the host JavaScript environment, which for a Node.js service means the host process itself.
Discovery and Proof of Concept
The advisory was published through GitHub's advisory database under the identifier GHSA-g8f2-4f4f-5jqw. The discovery is credited to a researcher known as Macabely, who also produced a proof of concept demonstrating the real-world impact of the escape.
The risk is substantial: exploitation yields remote code execution on the host with no credentials and no user interaction required. Applications that use this library to run untrusted JavaScript are directly exposed.
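For teams checking whether they are inside the affected range (every release up to and including 0.9.5, fixed in 0.9.6), here is an added audit helper written for this article; it is not a tool from the project or the advisory. It walks the "packages" map of an npm lockfile (lockfileVersion 2 or 3) so that nested, transitive copies of the package are reported as well as the direct dependency, which a glance at package.json would miss. The lockfile shown is constructed for the example, not taken from a real project.

```javascript
// Added audit helper for the affected range of @nyariv/sandboxjs.
// Written for this article; not code from the project or the advisory.

const PACKAGE = '@nyariv/sandboxjs';
const FIXED = [0, 9, 6]; // first release described as patched

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const [base, pre] = String(v).split('-', 2);
  const parts = base.split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`unparseable version: ${v}`);
  }
  return { parts, prerelease: pre !== undefined };
}

// True when `version` precedes the fixed release. A prerelease of the fixed
// version itself (e.g. 0.9.6-beta.1) sorts before 0.9.6 and is treated as affected.
function isAffected(version) {
  const { parts, prerelease } = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (parts[i] < FIXED[i]) return true;
    if (parts[i] > FIXED[i]) return false;
  }
  return prerelease;
}

// Return every lockfile path that installs an affected copy of the package,
// including copies nested under other dependencies' node_modules.
function findAffected(lock) {
  const hits = [];
  const packages = (lock && lock.packages) || {};
  for (const [path, entry] of Object.entries(packages)) {
    if (!path.endsWith(`node_modules/${PACKAGE}`)) continue;
    if (entry.version && isAffected(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not a real project's): the direct copy is
// already on 0.9.6, but a plugin still pins a transitive copy on 0.9.5.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { '@nyariv/sandboxjs': '^0.9.6' } },
    'node_modules/@nyariv/sandboxjs': { version: '0.9.6' },
    'node_modules/some-plugin': {
      version: '1.2.0',
      dependencies: { '@nyariv/sandboxjs': '^0.9.0' },
    },
    'node_modules/some-plugin/node_modules/@nyariv/sandboxjs': { version: '0.9.5' },
  },
};

console.log('affected copies:', findAffected(SAMPLE_LOCK));
```

To run it against a real tree, replace SAMPLE_LOCK with the parsed contents of package-lock.json (JSON.parse over the file) and treat any reported path as a copy that needs the 0.9.6 update; the nested hit in the sample is exactly the kind that survives a `npm update` of the direct dependency alone.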
A corrected version, 0.9.6, has been released and is available on npm. Users of the affected package are strongly urged to update immediately; any deployment still on 0.9.5 or earlier remains exploitable.
Mechanism of the Exploit
The vulnerability resides in the property-access logic in a file named prop.ts, specifically in the addOps function. Sandboxed code could read the caller, callee and arguments properties of function objects, which respectively expose the function that invoked a sandboxed function, the currently executing function, and the arguments it received. None of these should ever be reachable from inside a sandbox, because they are a window onto the host's call stack.
In the CommonJS build of the library, this let a sandboxed script define a function such as function f(){ return f.caller } and call it. Because the runtime invokes sandbox-defined functions through its internal LispType.Call handler, f.caller returned that handler. LispType.Call performs function calls inside the runtime and does not verify where its parameters came from.
With the handler in hand, an attacker controls those parameters and can feed it crafted input that makes it perform operations it was never meant to expose, ultimately obtaining the host's Function constructor. From there, arbitrary JavaScript runs directly in the host environment.
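The following is an added illustration, written for this article and not taken from @nyariv/sandboxjs or the advisory, of the JavaScript behaviour the escape relies on: a sloppy-mode function's non-standard caller property returns whichever function invoked it, so an interpreter that lets sandboxed code read caller hands over its own call handler. runtimeCall stands in for the internal call handler, makeUserFn for a sandbox-defined function in the shape quoted above, and unguardedGet and guardedGet for member access before and after a deny-list of the kind the 0.9.6 fix is described as adding; all of these names are assumptions for the illustration, not the library's identifiers. The reachesHostFunction check shows the generic reason a leaked host function is dangerous (its constructor is the host's Function); the advisory's own route to the Function constructor goes through the handler's parameters, which this stand-in does not model.

```javascript
// Added illustration of the caller-leak mechanism. Stand-in code written for
// this article; nothing here is the library's own implementation.

// Stand-in for the runtime's internal call handler (the page's LispType.Call).
// Built with the Function constructor so it is a sloppy-mode function no
// matter how this file is loaded: ES modules are strict, and V8 reports
// `caller` as null when the calling function is strict.
const runtimeCall = new Function('fn', 'arg', 'return fn(arg);');

// A sandbox-defined function in the shape quoted above. `get` plays the
// interpreter's member-access operation, which is where the property read
// `f.caller` is performed on the sandboxed script's behalf. Also sloppy-mode.
function makeUserFn(get) {
  return new Function('get', 'return function f() { return get(f, "caller"); };')(get);
}

// Vulnerable member access: whatever name the script asks for, it gets.
function unguardedGet(obj, name) {
  return obj[name];
}

// Hardened member access: refuse the properties that expose the call stack
// before touching the object. Mirrors the described fix in spirit only.
const FORBIDDEN_STACK_PROPS = new Set(['caller', 'callee', 'arguments']);

function isStackExposingAccess(obj, name) {
  if (!FORBIDDEN_STACK_PROPS.has(name)) return false;
  // `caller`/`arguments` live on functions, `callee` on arguments objects.
  return typeof obj === 'function' ||
    Object.prototype.toString.call(obj) === '[object Arguments]';
}

function guardedGet(obj, name) {
  if (isStackExposingAccess(obj, name)) {
    throw new TypeError(`sandbox: access to ${String(name)} is not allowed`);
  }
  return obj[name];
}

// Run the user function the way the runtime would, through its call handler,
// and report what the sandboxed code got back.
function runInSandboxStandIn(get) {
  const f = makeUserFn(get);
  try {
    return { leaked: runtimeCall(f, undefined), blocked: false };
  } catch (err) {
    if (!(err instanceof TypeError)) throw err;
    return { leaked: null, blocked: true };
  }
}

// Any host-realm function reveals the host Function constructor through its
// `constructor` property, so leaking even one host function is enough.
function reachesHostFunction(value) {
  return typeof value === 'function' && value.constructor === Function;
}

const vulnerable = runInSandboxStandIn(unguardedGet);
const hardened = runInSandboxStandIn(guardedGet);
console.log('unguarded: leaked the call handler =', vulnerable.leaked === runtimeCall,
            '; host Function reachable =', reachesHostFunction(vulnerable.leaked));
console.log('guarded:   blocked =', hardened.blocked);
```

The point of the guard is where it sits: it has to live in the interpreter's member-access path, because the sandboxed script never touches a real property lookup except through that path. Blocking caller alone is not enough; arguments on a function and callee on an arguments object expose the same stack information, which is why all three names are denied together.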
Wider Implications and Precautions
The CVSS score of 10.0 reflects an exploit that works over the network with low attack complexity, requiring no privileges and no user interaction.
Any platform that uses SandboxJS to run user-submitted or third-party JavaScript is exposed. This includes online code editors, server-side scripting features, automation tools, and any application that evaluates untrusted scripts.
Breaking out of the sandbox gives an attacker control over the host's confidentiality, integrity, and availability. The patch in version 0.9.6 addresses the root cause by blocking sandboxed access to those sensitive function properties.
Developers who cannot update immediately should stop running untrusted JavaScript through the library until the patch is applied and tested in their environment.
