139 matches found
CVE-2026-32723 SandboxJS timers have an execution-quota bypass (cross-sandbox currentTicks race)
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...
@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-32723 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)
@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-32723 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15674478...
GHSA-7P5M-XRH7-769R SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers
Summary: Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 (no /Users/zwique/Downloads/SandboxJS found). A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...
SandboxJS has an execution-quota bypass (cross-sandbox currentTicks race) in SandboxJS timers
Summary: Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 (no /Users/zwique/Downloads/SandboxJS found). A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...
PT-2026-25822
Summary: Assumed repo path is /Users/zwique/Downloads/SandboxJS-0.8.34 (no /Users/zwique/Downloads/SandboxJS found). A global tick state currentTicks.current is shared between sandboxes. Timer string handlers are compiled at execution time using that global tick state rather than the scheduling...
CVE-2026-32723
creationtimestamp | type | source
---|---|---
2026-03-14 12:08:17+00:00 | published-proof-of-concept | https://github.com/nyariv/SandboxJS/security/advisories/GHSA-7p5m-xrh7-769r...
CVE-2026-26954
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This...
CVE-2026-26954
SandboxJS is a JavaScript sandboxing library. Before version 0.8.34, it can leak arrays containing Function, enabling sandbox escape when used with Object.fromEntries to construct {[p]: Function} for any constructible property. This leads to Sandbox Escape with potential RCE as described in multi...
CVE-2026-26954 SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This...
EUVD-2026-12043
SandboxJS affected by a Sandbox Escape...
Arbitrary Code Injection
Overview: @nyariv/sandboxjs is a JavaScript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection via the executor module. An attacker can execute arbitrary code by crafting input that allows them to get to arrays containing Function and escape the intended...
GHSA-6R9F-759J-HJGV SandboxJS affected by a Sandbox Escape
Summary: It is possible to obtain arrays containing Function, which allows escaping the sandbox.
Details: There are various ways to get an array containing Function, e.g.
```js
Object.entries(this).at(1) // ['Function', [Function: Function]]
Object.values(this).slice(1, 2) // [[Function: Function]]
```
Given an array...
@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-26954 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)
@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-26954 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15518695...
SandboxJS Code Injection Vulnerability
SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.34 contained a code injection vulnerability. This vulnerability stemmed from the possibility of accessing arrays containing functions, which could lead to sandbox escape...
Prototype Pollution
Overview: @nyariv/sandboxjs is a JavaScript sandboxing library. Affected versions of this package are vulnerable to Prototype Pollution via the protection mechanism the sandbox implements using the isGlobal flag in the Prop class. An attacker can modify host built-in prototypes by laundering the...
@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25881 via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)
@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25881 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15253532...