CVE-2026-23830

CriticalPublic PoC

Published: 28 January 2026

Published

28 January 2026

Modified

12 February 2026

KEV Added

—

Patch

—

CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0020 41.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed…

version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely patching of the SandboxJS library flaw to version 0.8.26, directly eliminating the sandbox escape via unmapped AsyncFunction constructor.

AC-25 Reference Monitor good match

prevent

Mandates a complete reference monitor in the sandbox executor to mediate all property accesses, preventing retrieval of native host constructors like AsyncFunction.

SC-50 Software-enforced Separation and Policy Enforcement good match

prevent

Enforces software-based separation and policy for sandboxed JavaScript execution, ensuring comprehensive isolation of function constructors from the host environment.

Security SummaryAI

CVE-2026-23830 is a sandbox escape vulnerability in SandboxJS, a JavaScript sandboxing library, affecting versions prior to 0.8.26. The library replaces the global Function constructor with a safe SandboxFunction version via mappings in utils.ts, but prior to the patch, it omitted mappings for AsyncFunction, GeneratorFunction, and AsyncGeneratorFunction. These constructors are accessible via the .constructor property of instances, such as (async () => {}).constructor. In executor.ts, property access on sandboxed async functions returns the native host AsyncFunction constructor unmapped, enabling attackers to bypass isolation. The vulnerability is associated with CWEs-94 (Code Injection), CWE-693 (Protection Mechanism Failure), and CWE-913 (Improper Isolation).

An unauthenticated attacker (PR:N) with the ability to supply code for execution in a SandboxJS sandbox can exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By creating an async function within the sandbox and accessing its .constructor, the attacker obtains the host AsyncFunction constructor. This allows creation of a new async function that executes entirely in the global host scope, outside sandbox restrictions, resulting in remote code execution (RCE) with high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) and changed scope (S:C). The CVSS v3.1 base score is 10.0.

SandboxJS version 0.8.26 patches the vulnerability by adding mappings for AsyncFunction, GeneratorFunction, and AsyncGeneratorFunction to the safe-replacement map in utils.ts. Additional details on the fix and advisory are provided in the GitHub security advisory at GHSA-wxhw-j4hc-fmq6 and the patching commit 345aee6566e47979dee5c337b925b141e7f78ccd.

Details

CWE(s): CWE-94 CWE-693 CWE-913

Affected Products

nyariv

sandboxjs

≤ 0.8.26

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1059.007 JavaScript Execution

Adversaries may abuse various implementations of JavaScript for execution.

attack.mitre.org →

Why these techniques?

CVE enables unauthenticated remote exploitation (T1190) of a public-facing JavaScript sandbox, allowing sandbox escape for privilege escalation (T1068) and host RCE via JavaScript constructors (T1059.007).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/nyariv/SandboxJS/commit/345aee6566e47979dee5c337b925b141e7f78ccd
Patch · security-advisories@github.com
https://github.com/nyariv/SandboxJS/security/advisories/GHSA-wxhw-j4hc-fmq6
Exploit, Vendor Advisory · security-advisories@github.com