CVE-2026-25881
Published: 09 February 2026
Summary
CVE-2026-25881 is a critical-severity Prototype Pollution (CWE-1321) vulnerability in Nyariv Sandboxjs. Its CVSS base score is 9.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and correction of the sandbox escape flaw in SandboxJS versions prior to 0.8.31, directly preventing exploitation via patching.
Mandates tainting of information with markings to restrict operations on tainted objects, directly countering the laundering of the isGlobal protection flag through array intermediaries.
Prevents unauthorized modification of information in shared system resources such as host built-in prototypes like Map.prototype by sandboxed code.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Sandbox escape via prototype pollution allows JS code execution inside the restricted environment to achieve host RCE (e.g., via execSync gadgets); directly enables exploitation of public-facing applications and JavaScript interpreters.
NVD Description
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference (e.g., Map.prototype, Set.prototype) is…
more
placed into an array and retrieved, the isGlobal taint is stripped, permitting direct prototype mutation from within the sandbox. This results in persistent host-side prototype pollution and may enable RCE in applications that use polluted properties in sensitive sinks (example gadget: execSync(obj.cmd)). This vulnerability is fixed in 0.8.31.
Deeper analysisAI
CVE-2026-25881 is a sandbox escape vulnerability in SandboxJS, a JavaScript sandboxing library. Versions prior to 0.8.31 allow sandboxed code to mutate host built-in prototypes, such as Map.prototype or Set.prototype, by exploiting a flaw in the isGlobal protection flag. This occurs when a global prototype reference is inserted into an array literal and retrieved, stripping the isGlobal taint and enabling direct prototype mutation from within the sandbox. The issue leads to persistent host-side prototype pollution and has a CVSS v3.1 score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), mapped to CWE-1321.
An attacker who can execute arbitrary JavaScript code within a SandboxJS sandbox—no privileges required—can exploit this to pollute host prototypes. This pollution persists outside the sandbox and may enable remote code execution in applications that process polluted properties in sensitive contexts, such as using execSync on an object with a tainted cmd property as a gadget.
The vulnerability is fixed in SandboxJS version 0.8.31. The GitHub security advisory (GHSA-ww7g-4gwx-m7wj) and the fixing commit (f369f8db26649f212a6a9a2e7a1624cb2f705b53) detail the patch, recommending immediate upgrades for affected deployments.
Details
- CWE(s)