{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T02:46:17.812","vulnerabilities":[{"cve":{"id":"CVE-2026-25881","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T22:16:03.423","lastModified":"2026-02-18T18:07:12.937","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference (e.g., Map.prototype, Set.prototype) is placed into an array and retrieved, the isGlobal taint is stripped, permitting direct prototype mutation from within the sandbox. This results in persistent host-side prototype pollution and may enable RCE in applications that use polluted properties in sensitive sinks (example gadget: execSync(obj.cmd)). This vulnerability is fixed in 0.8.31."},{"lang":"es","value":"SandboxJS es una biblioteca de sandboxing de JavaScript. Antes de la versión 0.8.31, una vulnerabilidad de escape de sandbox permite que el código en sandbox mute los prototipos integrados del host al blanquear la bandera de protección 'isGlobal' a través de intermediarios de literales de array. Cuando una referencia de prototipo global (por ejemplo, Map.prototype, Set.prototype) se coloca en un array y se recupera, la marca 'isGlobal' se elimina, permitiendo la mutación directa del prototipo desde dentro del sandbox. Esto resulta en una contaminación persistente de prototipos del lado del host y puede habilitar RCE en aplicaciones que usan propiedades contaminadas en sumideros sensibles (ejemplo de gadget: execSync(obj.cmd)). Esta vulnerabilidad está corregida en la versión 0.8.31."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nyariv:sandboxjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.8.31","matchCriteriaId":"626B7924-ECB8-4661-A9FA-3A12B095F1DE"}]}]}],"references":[{"url":"https://github.com/nyariv/SandboxJS/commit/f369f8db26649f212a6a9a2e7a1624cb2f705b53","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-ww7g-4gwx-m7wj","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}