CVE-2026-25142

Published February 2nd, 2026

View on NVD ↗

CVSS v3

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox / remote code execution. This vulnerability is fixed in 0.8.27.

nyariv/SandboxJS

Safe eval runtime

GitHub

219