
16828 matches found

NVD
added 2026/03/13 7:54 p.m. | views: 1

CVE-2026-26954

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This...

CVSS: 10 | EPSS: 0.00547
Exploits: 1 | References: 1
Cvelist
added 2026/03/13 3:51 p.m. | views: 27

CVE-2026-26954 SandboxJS has a Sandbox Escape

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This...

CVSS: 10 | EPSS: 0.00547
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/13 3:51 p.m. | views: 3

CVE-2026-26954 SandboxJS has a Sandbox Escape

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00547
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/13 3:51 p.m. | views: 3

CVE-2026-26954

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00547
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/03/13 3:51 p.m. | views: 16

CVE-2026-26954

SandboxJS is a JavaScript sandboxing library. Before version 0.8.34, it can leak arrays containing Function, enabling sandbox escape when used with Object.fromEntries to construct {[p]: Function} for any constructible property. This leads to Sandbox Escape with potential RCE as described in multi...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00547
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2026/03/13 3:51 p.m. | views: 2

CVE-2026-26954 SandboxJS has a Sandbox Escape

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00547
Exploits: 1 | References: 3
OSV
added 2026/03/13 3:48 p.m. | views: 2

GHSA-MJ4P-RC52-M843 OpenClaw: Sandbox staged writes could escape the verified parent directory before commit

Summary: In affected versions of openclaw, sandbox fs-bridge writes validated the destination before commit, but temporary file creation and population were not pinned to a verified parent directory. A raced parent-path alias change could cause the staged temp file to be created outside the intend...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 3
Snyk
added 2026/03/13 3:47 p.m. | views: 1

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition through the writeFile commit path. An attacker can cause files to be written outside the intended sandbox path by exploiting a race conditi...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00078
Exploits: 0 | References: 2
Github Security Blog
added 2026/03/13 3:47 p.m. | views: 9

OpenClaw: Sandbox `writeFile` commit could race outside the validated path

Summary: In affected versions of openclaw, the sandbox fs-bridge writeFile commit step used an unanchored container path during the final move into place. An attacker racing parent-path changes inside the sandbox could redirect the committed file outside the validated sandbox path. Impact: This is ...

CVSS: 6.3 | AI score: 5.9 | EPSS: 0.00078
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/03/13 1:46 p.m. | views: 4

EUVD-2026-12043

SandboxJS affected by a Sandbox Escape...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00547
Exploits: 1 | References: 3
OSV
added 2026/03/13 1:46 p.m. | views: 2

GHSA-6R9F-759J-HJGV SandboxJS affected by a Sandbox Escape

Summary: It is possible to obtain arrays containing Function, which allows escaping the sandbox. Details: There are various ways to get an array containing Function, e.g. `Object.entries(this).at(1) // ['Function', [Function: Function]]`, `Object.values(this).slice(1, 2) // [[Function: Function]]`. Given an array...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00547
Exploits: 1 | References: 5
Github Security Blog
added 2026/03/13 1:46 p.m. | views: 6

SandboxJS affected by a Sandbox Escape

Summary: It is possible to obtain arrays containing Function, which allows escaping the sandbox. Details: There are various ways to get an array containing Function, e.g. `Object.entries(this).at(1) // ['Function', [Function: Function]]`, `Object.values(this).slice(1, 2) // [[Function: Function]]`. Given an array...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00547
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2026/03/13 9:11 a.m. | views: 24

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh_sftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string...

CVSS: 5.3 | EPSS: 0.00363
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/13 12:0 a.m. | views: 3

PT-2026-25322

Summary: It is possible to obtain arrays containing Function, which allows escaping the sandbox. Details: There are various ways to get an array containing Function, e.g. `Object.entries(this).at(1) // ['Function', [Function: Function]]`, `Object.values(this).slice(1, 2) // [[Function: Function]]`. Given an array...

CVSS: 10 | AI score: 5.8 | EPSS: 0.00547
Exploits: 1 | References: 13
CNNVD
added 2026/03/13 12:0 a.m. | views: 5

SandboxJS Code Injection Vulnerability

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.34 contained a code injection vulnerability. This vulnerability stemmed from the possibility of accessing arrays containing functions, which could lead to sandbox escape...

CVSS: 10 | AI score: 5.9 | EPSS: 0.00547
Exploits: 1 | References: 1
Tenable Nessus
added 2026/03/13 12:0 a.m. | views: 4

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2026:0871-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0871-1 advisory. Update to Firefox Extended Support Release 140.8.0 ESR MFSA 2026-15 bsc1258568: - CVE-2026-2757:...

CVSS: 10 | AI score: 6 | EPSS: 0.00622
Exploits: 0 | References: 76
Tenable Nessus
added 2026/03/13 12:0 a.m. | views: 1

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2026:0880-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0880-1 advisory. Mozilla Thunderbird 140.8 MFSA 2026-17 bsc1258568: - CVE-2026-2757: Incorrect boundary condition...

CVSS: 10 | AI score: 6 | EPSS: 0.00622
Exploits: 0 | References: 76
CISA KEV Catalog
added 2026/03/13 12:0 a.m. | views: 23

Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability

Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.02
In wild | Exploits: 0
RedHat Linux
added 2026/03/12 9:34 p.m. | views: 4

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00526
Exploits: 1 | References: 6
ATTACKERKB
added 2026/03/12 9:30 p.m. | views: 3

CVE-2026-3910

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

AI score: 6.1 | EPSS: 0.02
Exploits: 0 | References: 3 | Affected Software: 1