CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-26954

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This vulnerability is fixed in 0.8.34.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.5%

CVSS Severity

CVSS v3 Score 10.0

References

https://github.com/nyariv/SandboxJS/security/advisories/GHSA-6r9f-759j-hjgv
https://github.com/nyariv/SandboxJS/security/advisories/GHSA-6r9f-759j-hjgv

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26954

Products

Pricing

Contact Us