{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50035?format=json","vulnerability_id":"VCID-h39s-93bn-h3ea","summary":"@nyariv/sandboxjs has Sandbox Escape via Prototype `Whitelist` Bypass and Host Prototype Pollution\nA sandbox escape is possible by shadowing `hasOwnProperty` on a sandbox object, which disables prototype `whitelist` enforcement in the property-access path. This permits direct access to `__proto__` and other blocked prototype properties, enabling **host `Object.prototype` pollution** and persistent cross-sandbox impact.\n\nThe issue was reproducible on Node `v23.9.0` using the project’s current build output. The bypass works with default `Sandbox` configuration and does not require custom globals or `whitelist`s.","aliases":[{"alias":"CVE-2026-25586"},{"alias":"GHSA-jjpw-65fv-8g48"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73879?format=json","purl":"pkg:npm/%40nyariv/sandboxjs@0.8.29","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540nyariv/sandboxjs@0.8.29"}],"affected_packages":[],"references":[{"reference_url":"https://github.com/nyariv/SandboxJS","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/nyariv/SandboxJS"},{"reference_url":"https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25586","reference_id":"CVE-2026-25586","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25586"},{"reference_url":"https://github.com/advisories/GHSA-jjpw-65fv-8g48","reference_id":"GHSA-jjpw-65fv-8g48","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jjpw-65fv-8g48"},{"reference_url":"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48","reference_id":"GHSA-jjpw-65fv-8g48","reference_type":"","scores":[],"url":"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48"}],"weaknesses":[{"cwe_id":74,"name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","description":"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h39s-93bn-h3ea"}