Tracked as CVE-2026-43898, the vulnerability carries the maximum CVSS score of 10.0 and allows an attacker who can submit JavaScript to the sandbox to break out of it and execute arbitrary code on the underlying host.
The flaw affects all versions of the @nyariv/sandboxjs package up to and including 0.9.5. It is published in the GitHub Advisory Database under the identifier GHSA-g8f2-4f4f-5jqw.
A researcher known as Macabely reported the vulnerability and provided a working proof-of-concept demonstrating the escape under real-world conditions.
At the heart of the issue, sandboxed code was incorrectly permitted to read the caller, callee, and arguments properties of function objects.
The flaw lies in the addOps function in prop.ts. Through those properties a sandboxed function could obtain a reference to LispType.Call, the interpreter's internal callback that performs function invocation inside the runtime.
Once an attacker holds that callback, they have a direct path out of the sandbox and into the host environment.
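To make the root cause concrete, here is an added illustration, written for this article rather than taken from @nyariv/sandboxjs or its fix: in sloppy-mode JavaScript a function that is running can read its own caller property and recover the host function that invoked it, which is exactly the kind of internal reference a sandbox must never hand out. The second half shows a Proxy membrane that refuses reads of caller, callee and arguments on any function exposed to untrusted code while letting ordinary properties and calls through. The names FORBIDDEN_FUNCTION_PROPS, exposeToSandbox, hostInvoke, probeCallerLeak and probeGatedCaller are assumptions chosen for this example and do not correspond to identifiers in the library.

```javascript
// Added illustration, not code from @nyariv/sandboxjs. All identifiers below
// are example names, not the library's API.

// Property names on function objects that untrusted code must never read.
const FORBIDDEN_FUNCTION_PROPS = new Set(['caller', 'callee', 'arguments']);

// Wrap a host function before handing it to untrusted code. Reads of the
// forbidden names throw; all other property reads and calls pass through.
function exposeToSandbox(fn) {
  if (typeof fn !== 'function') throw new TypeError('expected a function');
  return new Proxy(fn, {
    get(target, prop, receiver) {
      if (FORBIDDEN_FUNCTION_PROPS.has(prop)) {
        throw new TypeError(`sandbox: reading Function.${String(prop)} is not permitted`);
      }
      return Reflect.get(target, prop, receiver);
    },
    // Do not even advertise the forbidden names via `'caller' in fn`.
    has(target, prop) {
      if (FORBIDDEN_FUNCTION_PROPS.has(prop)) return false;
      return Reflect.has(target, prop);
    },
  });
}

// Stand-in for a host-side dispatcher that invokes untrusted code (the role
// the article attributes to the interpreter's call handler). Deliberately
// sloppy-mode, so Function.prototype.caller can see it.
function hostInvoke(untrustedFn) {
  return untrustedFn();
}

// Ungated: while it runs, untrusted code reads its own `caller` and gets the
// host dispatcher back. Returns 'leaked' when that succeeds, 'blocked' when
// the engine refuses (strict mode or ESM) or yields nothing.
function probeCallerLeak() {
  function untrusted() {
    try {
      return untrusted.caller === hostInvoke ? 'leaked' : 'blocked';
    } catch (e) {
      return 'blocked';
    }
  }
  return hostInvoke(untrusted);
}

// Gated: the same read goes through the membrane and throws before any
// reference escapes. Returns 'gated' when the membrane rejected the read.
function probeGatedCaller() {
  function untrusted() {
    const self = exposeToSandbox(untrusted);
    try {
      return self.caller === hostInvoke ? 'leaked' : 'blocked';
    } catch (e) {
      return e instanceof TypeError && /not permitted/.test(e.message) ? 'gated' : 'blocked';
    }
  }
  return hostInvoke(untrusted);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('ungated probe:', probeCallerLeak());
  console.log('gated probe:', probeGatedCaller());
}
```

Run as a plain CommonJS script the ungated probe reports 'leaked'; under strict mode the engine itself throws on the read, which is why a sandbox cannot rely on the mode of code it does not control and must gate the property names explicitly.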
How the Sandbox Escape Works
The attack exploits the fact that the LispType.Call handler accepts a params object and uses its fields directly, without verifying whether those fields originated from the trusted executor.
Since attackers fully control those fields, they can craft forged input that manipulates the handler into unintended behavior.
By chaining a series of carefully crafted calls through the leaked callback, an attacker can extract the real host Function constructor.
With that in hand, they can pass arbitrary JavaScript code as a string and execute it directly on the host.
The proof-of-concept included in the advisory demonstrates this by running a system command through Node.js's built-in child_process module, confirming full remote code execution (RCE) with no credentials and no user interaction required.
Remote Code Execution and the Broader Risk
The CVSS 10.0 score reflects every worst-case condition being met at once: the attack is network-accessible, low in complexity, needs no privileges, and requires no user interaction (CVSS v3 vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Scope is rated Changed, meaning a successful exploit crosses from the isolated sandbox into the host system, giving the attacker full control over confidentiality, integrity, and availability there.
Any platform using SandboxJS to run user-submitted or third-party JavaScript is at risk, including online code editors, server-side scripting tools, automation platforms, and applications processing untrusted scripts.
A patched release, version 0.9.6, is available on npm and addresses the root cause by blocking sandboxed access to the caller, callee, and arguments properties entirely.
All users are strongly urged to update immediately, including any copies pulled in transitively by other dependencies (npm ls @nyariv/sandboxjs lists every installed copy). Developers who cannot apply the patch right away should stop running untrusted JavaScript through the affected library until the fix has been deployed and validated in their environment.
Staying on version 0.9.5 or below leaves systems fully exposed to complete host takeover.
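Because a vulnerable copy can sit nested under another dependency, the following added check, written for this article and not part of the advisory or the library, walks an npm package-lock.json (lockfileVersion 2 or 3, whose "packages" map lists every installed copy by path) and reports each @nyariv/sandboxjs install below 0.9.6. The embedded SAMPLE_LOCK is constructed for the example, the dependency name script-runner is hypothetical, and compareVersions is a minimal dotted-version comparison written here rather than the semver package.

```javascript
// Added check, not code from the advisory or from @nyariv/sandboxjs.

const AFFECTED_PACKAGE = '@nyariv/sandboxjs';
const FIXED_VERSION = '0.9.6';

// Compare two dotted numeric versions (a.b.c). A pre-release such as
// "0.9.6-beta.1" is treated as older than the matching release, the
// conservative choice for a vulnerability check (assumption of this example).
function compareVersions(a, b) {
  const split = (v) => {
    const [core, pre] = v.split('-');
    return { nums: core.split('.').map((n) => parseInt(n, 10) || 0), pre };
  };
  const va = split(a);
  const vb = split(b);
  for (let i = 0; i < 3; i++) {
    const d = (va.nums[i] || 0) - (vb.nums[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  if (va.pre && !vb.pre) return -1;
  if (!va.pre && vb.pre) return 1;
  return 0;
}

// Return every install of the affected package whose version is below the
// fix, with its path, so nested copies under other dependencies are found.
function findVulnerableInstalls(lock) {
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, info] of Object.entries(packages)) {
    if (path === '' || !path.endsWith('node_modules/' + AFFECTED_PACKAGE)) continue;
    if (!info.version) continue;
    if (compareVersions(info.version, FIXED_VERSION) < 0) {
      hits.push({ path, version: info.version });
    }
  }
  return hits;
}

// Constructed sample: the top-level copy is patched, but a hypothetical
// dependency "script-runner" pins its own nested copy at 0.9.5.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { '@nyariv/sandboxjs': '^0.9.6', 'script-runner': '1.0.0' } },
    'node_modules/@nyariv/sandboxjs': { version: '0.9.6' },
    'node_modules/script-runner': { version: '1.0.0', dependencies: { '@nyariv/sandboxjs': '0.9.5' } },
    'node_modules/script-runner/node_modules/@nyariv/sandboxjs': { version: '0.9.5' },
  },
};

// Usage: node check-sandboxjs.js path/to/package-lock.json
// Without an argument the constructed sample is scanned.
if (typeof require !== 'undefined' && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_LOCK;
  const hits = findVulnerableInstalls(lock);
  if (hits.length === 0) {
    console.log(`no ${AFFECTED_PACKAGE} below ${FIXED_VERSION} found`);
  } else {
    for (const h of hits) console.log(`VULNERABLE ${h.path} (${h.version} < ${FIXED_VERSION})`);
    process.exitCode = 1;
  }
}
```

On the sample the top-level copy passes and the nested copy is flagged, which is the case a plain "npm install @nyariv/sandboxjs@latest" does not fix: the dependency that pins 0.9.5 must itself be updated or overridden.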
The post Critical SandboxJS Flaw Enables Host System Takeover appeared first on Cyber Security News.
