Four critical SandboxJS vulnerabilities have been disclosed, each carrying a maximum CVSS score of 10.0 and each allowing an attacker to break out of the sandbox completely and run arbitrary code on the host. The flaws are tracked as CVE-2026-25520, CVE-2026-25586, CVE-2026-25587, and CVE-2026-25641. They affect SandboxJS versions 0.8.28 and earlier; a fix was released in version 0.8.29.
The first flaw stems from how the library handles function return values: an attacker can reach the host's Function constructor through a chain of method calls, using Object.values or Object.entries to retrieve the host's constructor. The second vulnerability targets Map.prototype.has by overwriting the method. The third enables host prototype pollution by shadowing hasOwnProperty, which bypasses the sandbox's whitelist checks.
The fourth is a time-of-check/time-of-use (TOCTOU) bug: a malicious key object can change between check and use, coercing to one string value during the whitelist check and to a different one at access time. According to the advisory, these findings constitute a “code red” for developers relying on SandboxJS to run untrusted code safely.
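The third and fourth flaws above are instances of two generic JavaScript pitfalls, so the following added example (not SandboxJS code, and not taken from the advisory) shows a property-access guard written the weak way and the hardened way. The guard's purpose is to let sandboxed code read only an object's own data properties and never inherited members such as constructor. All objects and keys are constructed for illustration; the function names lookupWeak, lookupHardened, makeShadowedTarget and makeFlipFlopKey are this example's own.

```javascript
// Added example, not SandboxJS code: two generic hardening patterns for a
// property-access guard of the kind a JS sandbox needs. The objects and keys
// below are constructed for illustration.

// Weak guard: trusts the object's own hasOwnProperty (which sandboxed code can
// shadow) and coerces the key twice, once in the check and once in the access.
function lookupWeak(obj, key) {
  if (!obj.hasOwnProperty(key)) return undefined; // shadowable, 1st coercion
  return obj[key];                                // 2nd coercion
}

// Hardened guard: bind the original Object.prototype.hasOwnProperty at load
// time so a shadowing property on obj is ignored, and coerce the key exactly
// once so the checked name and the accessed name cannot differ.
const hasOwn = Function.prototype.call.bind(Object.prototype.hasOwnProperty);

function lookupHardened(obj, key) {
  const name = typeof key === "symbol" ? key : String(key); // coerce once
  if (!hasOwn(obj, name)) return undefined;
  return obj[name];
}

// Constructed input 1: an object that shadows hasOwnProperty to always answer
// "yes", so inherited members such as constructor look like own data.
function makeShadowedTarget() {
  return { hasOwnProperty: () => true, size: 3 };
}

// Constructed input 2: a key whose string value changes on every coercion,
// the check-then-use mismatch the fourth flaw describes.
function makeFlipFlopKey() {
  let n = 0;
  return { toString() { return n++ % 2 === 0 ? "size" : "constructor"; } };
}

// Summary of how each guard behaves on the two constructed inputs.
function demo() {
  return {
    weakShadow: lookupWeak(makeShadowedTarget(), "constructor") === Object,
    hardShadow: lookupHardened(makeShadowedTarget(), "constructor") === undefined,
    weakFlip: lookupWeak({ size: 3 }, makeFlipFlopKey()) === Object,
    hardFlip: lookupHardened({ size: 3 }, makeFlipFlopKey()) === 3,
  };
}

console.log(demo());
```

The two fixes are independent and both are needed: capturing Object.prototype.hasOwnProperty at load time defeats shadowing, and coercing the key to a string once (then using that string for both the check and the access) removes the check/use window. Note that hasOwnProperty alone does not stop access to a host object's own properties; the real sandbox must still decide which objects and own properties are exposed at all.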