CVE-2026-25881: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in nyariv SandboxJS
CVE-2026-25881 is a critical prototype pollution vulnerability in SandboxJS versions prior to 0.8.31. It allows sandboxed JavaScript code to escape isolation by mutating host built-in prototypes such as Map.prototype or Set.prototype. This occurs because the isGlobal protection flag is improperly stripped when global prototype references are passed through array literals, enabling persistent prototype pollution. Exploiting this flaw can lead to remote code execution (RCE) if polluted properties are used in sensitive operations like execSync. The vulnerability has a CVSS score of 9.1, indicating high severity, and affects applications relying on SandboxJS for secure code execution.
AI Analysis
Technical Summary
SandboxJS is a JavaScript sandboxing library designed to safely execute untrusted code by isolating it from the host environment. However, versions prior to 0.8.31 contain a critical vulnerability (CVE-2026-25881) classified as CWE-1321 (Improperly Controlled Modification of Object Prototype Attributes, or prototype pollution). The vulnerability arises because the sandbox’s protection mechanism, which uses an isGlobal taint flag to prevent sandboxed code from modifying host global prototypes, can be bypassed. Specifically, when a global prototype reference (e.g., Map.prototype or Set.prototype) is placed inside an array literal and then retrieved, the isGlobal flag is stripped. This allows sandboxed code to directly mutate these prototypes, leading to persistent pollution of the host environment’s prototypes. Prototype pollution can alter the behavior of all objects inheriting from the polluted prototype, potentially causing unexpected behavior or security issues. In this case, the polluted prototypes can be leveraged to execute arbitrary code on the host system, for example, by manipulating objects passed to sensitive functions like execSync that execute shell commands. The vulnerability does not require authentication or user interaction and can be exploited remotely if untrusted code is executed within the vulnerable SandboxJS environment. The CVSS 3.1 score of 9.1 reflects the critical impact on confidentiality, integrity, and availability, with network attack vector and no privileges required. Although no known exploits are reported in the wild yet, the severity and ease of exploitation make this a significant threat. The issue is resolved in SandboxJS version 0.8.31, which properly maintains the isGlobal taint when handling prototype references.
Potential Impact
For European organizations, this vulnerability poses a severe risk especially for those using SandboxJS to execute third-party or untrusted JavaScript code in web applications, serverless functions, or microservices. Successful exploitation can lead to remote code execution on critical infrastructure, compromising confidentiality, integrity, and availability of systems and data. This can result in data breaches, service disruptions, and lateral movement within networks. Industries such as finance, healthcare, and government, which often rely on sandboxing for secure code execution, are particularly at risk. The persistent nature of prototype pollution means that even after the initial exploit, the polluted environment can cause ongoing security issues and unpredictable application behavior. Additionally, the ability to execute arbitrary commands via execSync or similar functions can lead to full system compromise. Given the high CVSS score and the critical nature of the vulnerability, organizations face a substantial threat if they do not promptly update or mitigate the issue.
Mitigation Recommendations
1. Immediately upgrade all instances of SandboxJS to version 0.8.31 or later, where the vulnerability is fixed.
2. Audit all applications and services that use SandboxJS to identify and isolate vulnerable versions.
3. Implement strict input validation and sanitization for any code or data executed within SandboxJS to reduce the risk of malicious payloads.
4. Employ runtime monitoring and anomaly detection to identify unusual prototype modifications or suspicious execSync usage.
5. Restrict the use of sensitive functions like execSync within sandboxed environments or replace them with safer alternatives.
6. Use additional sandboxing or containerization layers to limit the impact of potential escapes.
7. Conduct regular security reviews and penetration testing focused on prototype pollution and sandbox escape vectors.
8. Educate developers about secure coding practices related to prototype pollution and sandbox usage.
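One way to implement recommendation 4 for prototype changes, as an added example (not SandboxJS code and not part of the original analysis): it snapshots the own properties of host built-in prototypes, then reports and reverts anything added, removed or modified after an untrusted run. The watched list, the function names and the `runUntrusted` callback are assumptions.

```javascript
// Added example: integrity guard for host built-in prototypes (not SandboxJS code).
// Reflection helpers are captured before any untrusted code can run.
const { ownKeys, getOwnPropertyDescriptor, defineProperty, deleteProperty } = Reflect;
const FIELDS = ['value', 'get', 'set', 'writable', 'enumerable', 'configurable'];
// Prototypes to watch: an assumption; the advisory names Map and Set.
const WATCHED = { Object, Array, Function, Map, Set, Promise };

// Null-prototype copy, so a polluted Object.prototype cannot leak into it.
function descriptorOf(proto, key) {
  const d = getOwnPropertyDescriptor(proto, key);
  return d && Object.assign(Object.create(null), d);
}

function snapshotPrototypes(watched = WATCHED) {
  return Object.keys(watched).map((name) => {
    const proto = watched[name].prototype;
    return { name, proto, props: ownKeys(proto).map((k) => [k, descriptorOf(proto, k)]) };
  });
}

// Report own properties added, removed or modified since the snapshot.
// With restore=true the original descriptor is put back where possible.
function auditPrototypes(snap, { restore = false } = {}) {
  const findings = [];
  const note = (name, key, change, restored) =>
    findings.push({ target: `${name}.prototype`, key: String(key), change, restored });
  for (const { name, proto, props } of snap) {
    for (const [key, before] of props) {
      const after = descriptorOf(proto, key);
      if (after && FIELDS.every((f) => Object.is(before[f], after[f]))) continue;
      note(name, key, after ? 'modified' : 'removed',
        restore && defineProperty(proto, key, before));
    }
    for (const key of ownKeys(proto)) {
      if (props.some(([k]) => k === key)) continue;
      note(name, key, 'added', restore && deleteProperty(proto, key));
    }
  }
  return findings;
}

// Run one untrusted evaluation (runUntrusted is a hypothetical callback that
// invokes the sandbox synchronously) and audit the host prototypes afterwards.
function guardedRun(runUntrusted) {
  const snap = snapshotPrototypes();
  let result, error;
  try { result = runUntrusted(); } catch (e) { error = e; }
  return { result, error, findings: auditPrototypes(snap, { restore: true }) };
}
```

A non-empty `findings` list after a sandbox run is the event to alert on, and any entry with `restored: false` means the change could not be undone, so the process should be recycled. The guard covers synchronous runs only; work the sandboxed code schedules for later needs a further audit after it completes.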
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-06T21:08:39.129Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 698a52254b57a58fa1728462
Added to database: 2/9/2026, 9:31:17 PM
Last enriched: 2/17/2026, 9:50:08 AM
Last updated: 3/26/2026, 9:47:25 PM