PatchSiren cyber security CVE debrief
CVE-2026-43898 nyariv CVE debrief
A critical sandbox escape vulnerability in SandboxJS prior to version 0.9.6 allows sandboxed JavaScript code to break containment and execute arbitrary host JavaScript. The flaw stems from sandbox-defined functions exposing `Function.caller`, which enables recovery of the internal `LispType.Call` runtime callback. An attacker can invoke this callback with crafted context and object values to extract blocked host statics, recover the real host `Function` constructor, and achieve arbitrary code execution on the host environment. This represents a complete bypass of the sandbox's security guarantees. The vulnerability carries a CVSS 3.1 score of 10.0 (Critical) with network attack vector, low attack complexity, no privileges required, no user interaction, and changed scope with high impacts to confidentiality, integrity, and availability. The issue was published by NVD on May 28, 2026 and modified later the same day. No known exploitation in ransomware campaigns has been documented.
- Vendor: nyariv
- Product: SandboxJS
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-28
- Original CVE updated: 2026-05-28
- Advisory published: 2026-05-28
- Advisory updated: 2026-05-28
Who should care
Organizations running applications that execute untrusted JavaScript code through the SandboxJS library, particularly those in multi-tenant environments, code execution platforms, or any system where sandboxed code originates from untrusted sources. Development teams using SandboxJS for plugin systems, user-script execution, or dynamic code evaluation should prioritize immediate patching.
Technical summary
The SandboxJS library implements JavaScript sandboxing through runtime interception and controlled execution environments. In versions prior to 0.9.6, the sandbox's function wrapping mechanism inadvertently preserves access to `Function.caller`, a deprecated, non-standard JavaScript feature that returns the function whose stack frame invoked the current one. Sandbox-defined functions expose this property, allowing sandboxed code to walk back up the call stack and recover the internal `LispType.Call` callback used by the sandbox runtime. This callback, when invoked with attacker-controlled `context` and `obj` parameters, enables direct manipulation of the sandbox's internal state. The attack chain proceeds in five steps: (1) recovery of `LispType.Call` via `Function.caller` traversal; (2) invocation with forged context to bypass access controls; (3) extraction of blocked host static properties; (4) recovery of the genuine host `Function` constructor; and (5) execution of arbitrary JavaScript in the host context. The vulnerability demonstrates that sandbox implementations must rigorously isolate internal runtime callbacks and eliminate `Function.caller` exposure in all wrapped functions. The fix in 0.9.6 addresses the root cause by preventing this callback exposure.
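The leak class described above, as an added regression check that is not SandboxJS code and does not reproduce the project's internals: `probe`, `sloppyCall`, `strictCall` and `strictWrapper` are constructed stand-ins for a sandbox-defined function and the runtime callback that invokes it, and the null-for-strict-callers behaviour relied on is V8's (Node.js), which is the engine assumed here.

```javascript
// Added example, not SandboxJS code. A sandbox runtime that invokes
// sandbox-defined functions from a sloppy-mode callback lets those functions
// read Function.caller and obtain a reference to the callback itself. The same
// probe invoked from a strict-mode callback sees null, because V8 censors
// strict callers, and strict functions have no readable .caller at all.

// Constructed probe standing in for a sandbox-defined function. Built with the
// Function constructor so it is sloppy-mode however this file is loaded, which
// is the situation the advisory describes.
const probe = new Function('return arguments.callee.caller;');

// Invoke `probe` through `runtimeCallback` and report whether the probe could
// recover a function (the callback) through Function.caller.
function exposesCallerTo(runtimeCallback) {
  const seen = runtimeCallback(probe);
  return typeof seen === 'function';
}

// Hypothetical sloppy-mode runtime callback, the weak pattern: the probe sees it.
const sloppyCall = new Function('fn', 'return fn();');

// Hardened variant: a strict-mode callback. V8 reports null for a strict
// caller, so sandboxed code cannot walk back into the runtime this way.
const strictCall = new Function('fn', '"use strict"; return fn();');

// Wrapper-side check: a strict-mode wrapper has no usable .caller (access
// throws a TypeError), so handing such wrappers to sandboxed code does not
// leak the frame that invoked them.
function callerAccessThrows(fn) {
  try {
    void fn.caller;
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Constructed strict-mode wrapper for the check above.
function strictWrapper() { 'use strict'; return 1; }
```

Run both checks against every callback and wrapper the runtime hands to sandboxed code; any `true` from `exposesCallerTo` is a finding of this class.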
Defensive priority
critical
Recommended defensive actions
- Upgrade SandboxJS to version 0.9.6 or later immediately
- Audit applications using SandboxJS for signs of compromise if running vulnerable versions
- Review sandboxed code execution logs for anomalous host-level activity
- Implement defense-in-depth by restricting sandboxed code to least-privilege execution contexts
- Monitor for unauthorized access to host Function constructor or static property extraction attempts
Evidence notes
Vulnerability description and technical details sourced from NVD record and GitHub Security Advisory GHSA-g8f2-4f4f-5jqw. Affected versions confirmed as all versions prior to 0.9.6 per CPE criteria. Fix verified via commit 826865251232611ec94078bab5a18ec875dad4a5. CVSS vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H confirms critical severity with changed scope. CWE-94 (Improper Control of Generation of Code) classified as secondary weakness source.
Official resources
- CVE-2026-43898 CVE record (CVE.org)
- CVE-2026-43898 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference (tagged Patch)
- Mitigation or vendor reference (tagged Exploit, Vendor Advisory)
2026-05-28