CriticalPublic exploit

Sandbox escape in @nyariv/sandboxjs via TOCTOU key coercion

IdentifiersCVE-2026-25641CWE-367· Time-of-check Time-of-use (TOCTOU)…

CVE-2026-25641 is a sandbox escape vulnerability in SandboxJS (@nyariv/sandboxjs) affecting versions 0.8.28 and earlier. The flaw is caused by a mismatch between the property key validated by the sandbox and the key ultimately used for property access. SandboxJS performs validation on a key assuming string semantics, but does not enforce that the supplied key is actually a primitive string. As a result, an attacker can supply a malicious object with coercion behavior such that it yields one string value during the safety check, for example when evaluated through hasOwnProperty(key), and a different string value when later used for the actual property access. This creates a time-of-check to time-of-use condition in key handling, allowing a key to appear benign during validation and resolve to a dangerous property such as proto during use. In the context of SandboxJS, this can be leveraged to bypass property restrictions, escape the sandbox, and potentially reach host-side code execution paths.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can bypass SandboxJS property access controls and permit access to otherwise blocked or dangerous properties, including prototype-related properties. This can enable sandbox escape and, depending on the embedding environment and reachable gadget chains, arbitrary code execution on the host system. The provided advisory specifically notes potential access to dangerous properties and possible code execution if the attacker can leverage the escape to reach Function-constructor or child_process execution paths.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, do not run untrusted code in vulnerable SandboxJS versions. Where use is unavoidable, enforce that all property access keys are primitive strings and reject objects that rely on toString/valueOf or other coercion behavior. Explicitly deny access to prototype-related keys and properties such as proto, prototype, and constructor, and harden the sandbox by removing or blocking access paths to Function/constructor chains and Node.js built-ins that could be used to convert sandbox escape into host code execution.

Remediation

Patch, then assume compromise.

Upgrade @nyariv/sandboxjs to version 0.8.29 or later. Version 0.8.29 contains the fix for this vulnerability.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Nyariv@Nyariv/Sandboxjsapplication

NyarivSandboxjsapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app

security online infoNews

Feb 9, 2026

Code Red: 4 Critical SandboxJS Flaws (CVSS 10.0) Allow Host Takeover

SandboxJS sandbox escape / arbitrary code execution risk via a TOCTOU issue where a property key can appear safe during validation but coerce to a different (malicious) value at use time.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity7

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-25641

NVD

nvd.nist.gov/vuln/detail/CVE-2026-25641

MITRE CWE · CWE-367

Time-of-check Time-of-use (TOCTOU) Race…

Patch

github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3

Vendor Advisory

github.com/nyariv/SandboxJS/security/advisories/GHSA-7x3h-rm86-3342

Product

github.com/nyariv/SandboxJS/blob/6103d7147c4666fe48cfda58a4d5f37005b43754/src/executor.ts