CVE-2026-23830
Published: 28 January 2026
Summary
CVE-2026-23830 is a critical-severity Code Injection (CWE-94) vulnerability in Nyariv Sandboxjs. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SC-50 (Software-enforced Separation and Policy Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely patching of the SandboxJS library flaw to version 0.8.26, directly eliminating the sandbox escape via unmapped AsyncFunction constructor.
Mandates a complete reference monitor in the sandbox executor to mediate all property accesses, preventing retrieval of native host constructors like AsyncFunction.
Enforces software-based separation and policy for sandboxed JavaScript execution, ensuring comprehensive isolation of function constructors from the host environment.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables unauthenticated remote exploitation (T1190) of a public-facing JavaScript sandbox, allowing sandbox escape for privilege escalation (T1068) and host RCE via JavaScript constructors (T1059.007).
NVD Description
SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed…
more
version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.
Deeper analysisAI
CVE-2026-23830 is a sandbox escape vulnerability in SandboxJS, a JavaScript sandboxing library, affecting versions prior to 0.8.26. The library replaces the global Function constructor with a safe SandboxFunction version via mappings in utils.ts, but prior to the patch, it omitted mappings for AsyncFunction, GeneratorFunction, and AsyncGeneratorFunction. These constructors are accessible via the .constructor property of instances, such as (async () => {}).constructor. In executor.ts, property access on sandboxed async functions returns the native host AsyncFunction constructor unmapped, enabling attackers to bypass isolation. The vulnerability is associated with CWEs-94 (Code Injection), CWE-693 (Protection Mechanism Failure), and CWE-913 (Improper Isolation).
An unauthenticated attacker (PR:N) with the ability to supply code for execution in a SandboxJS sandbox can exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By creating an async function within the sandbox and accessing its .constructor, the attacker obtains the host AsyncFunction constructor. This allows creation of a new async function that executes entirely in the global host scope, outside sandbox restrictions, resulting in remote code execution (RCE) with high confidentiality, integrity, and availability impacts (C:H/I:H/A:H) and changed scope (S:C). The CVSS v3.1 base score is 10.0.
SandboxJS version 0.8.26 patches the vulnerability by adding mappings for AsyncFunction, GeneratorFunction, and AsyncGeneratorFunction to the safe-replacement map in utils.ts. Additional details on the fix and advisory are provided in the GitHub security advisory at GHSA-wxhw-j4hc-fmq6 and the patching commit 345aee6566e47979dee5c337b925b141e7f78ccd.
Details
- CWE(s)