SandboxJS has a Sandbox Escape via Prop Object Leak in...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an unexpected and undesired exploit. While this could allow modifying scopes inside the sandbox, code evaluation remains sandboxed and prototypes remain protected throughout the execution. This vulnerability is fixed in 0.8.36.

Basic Information

ID CVE-2026-34217

Source GitHub_M

Published Apr 6, 2026 at 15:12

Modified Apr 6, 2026 at 15:40

Affected Product

Vendor nyariv

Product SandboxJS

Version < 0.8.36

Affected Versions nyariv SandboxJS < 0.8.36

CWE Classification

CWE-668

References

github.com /nyariv/SandboxJS/security/advisories/GHSA-hg73-4w7g-q96w

{
    "lastseen": "",
    "description": "SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an unexpected and undesired exploit. While this could allow modifying scopes inside the sandbox, code evaluation remains sandboxed and prototypes remain protected throughout the execution. This vulnerability is fixed in 0.8.36.",
    "published": "2026-04-06T15:12:52.871Z",
    "modified": "2026-04-06T15:40:46.653Z",
    "type": "cve",
    "title": "SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler",
    "source": "GitHub_M",
    "references": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-hg73-4w7g-q96w",
    "id": "CVE-2026-34217",
    "bulletinFamily": "",
    "cwe": [
        "CWE-668"
    ],
    "cvelist": null,
    "sourceData": "nyariv SandboxJS < 0.8.36",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SandboxJS",
    "version": "< 0.8.36",
    "vendor": "nyariv",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler_CVE-2026-34217