EUVD-2026-35438

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

CVE-2026-47901 Iframe escape by plugins in Logseq

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

PT-2026-47800

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

CVE-2026-43898

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked...

EUVD-2026-32968

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked...

CVE-2026-43898 SandboxJS: Sandbox escape via Function.caller leakage of internal call op

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked...

CVE-2026-43898

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked...

CVE-2026-43898 SandboxJS: Sandbox escape via Function.caller leakage of internal call op

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked...

CVE-2026-43898

CVE-2026-43898 affects SandboxJS. Before version 0.9.6, sandboxed functions could access the host runtime via Function.caller, leaking the internal LispType.Call callback and enabling sandbox escapes that allow execution of arbitrary host JavaScript. The root cause is leakage through sandboxed fu...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.9.6 contained a security vulnerability. This vulnerability stemmed from functions defined in the sandbox that exposed Function.caller, potentially allowing sandbox-constructed code to restore internal...

GHSA-G8F2-4F4F-5JQW SandboxJS has a sandbox escape via Function.caller leakage of internal call op

Summary Sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function...

PT-2026-39892

Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.9.6 Description Sandbox-defined functions expose the Function.caller property, which allows sandboxed code to recover the internal LispType.Call runtime callback. An attacker can invoke this callback using forged...