CVE-2026-23830 in SandboxJS
Summary
by MITRE • 01/28/2026
SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox code execution by replacing the global `Function` constructor with a safe, sandboxed version (`SandboxFunction`). This is handled in `utils.ts` by mapping `Function` to `sandboxFunction` within a map used for lookups. However, before version 0.8.26, the library did not include mappings for `AsyncFunction`, `GeneratorFunction`, and `AsyncGeneratorFunction`. These constructors are not global properties but can be accessed via the `.constructor` property of an instance (e.g., `(async () => {}).constructor`). In `executor.ts`, property access is handled. When code running inside the sandbox accesses `.constructor` on an async function (which the sandbox allows creating), the `executor` retrieves the property value. Since `AsyncFunction` was not in the safe-replacement map, the `executor` returns the actual native host `AsyncFunction` constructor. Constructors for functions in JavaScript (like `Function`, `AsyncFunction`) create functions that execute in the global scope. By obtaining the host `AsyncFunction` constructor, an attacker can create a new async function that executes entirely outside the sandbox context, bypassing all restrictions and gaining full access to the host environment (Remote Code Execution). Version 0.8.26 patches this vulnerability.
Analysis
by VulDB Data Team • 01/28/2026
The vulnerability described in CVE-2026-23830 affects the SandboxJS JavaScript sandboxing library, which is designed to provide secure execution environments for untrusted code. This library operates by replacing global constructors with sandboxed versions to prevent malicious code from accessing privileged operations. The core flaw lies in an incomplete implementation of the sandboxing mechanism where certain function constructors were not properly isolated. Specifically, versions prior to 0.8.26 failed to map AsyncFunction, GeneratorFunction, and AsyncGeneratorFunction constructors to their safe sandboxed equivalents. This oversight creates a critical path for sandbox escape attacks that can be exploited by attackers to gain full control over the host environment.
The technical implementation of this vulnerability stems from how the library handles property access within the sandbox environment. The sandboxing mechanism in SandboxJS uses a lookup map in utils.ts to replace global constructors with safe versions, specifically mapping Function to SandboxFunction. However, the implementation missed several important constructor types that are not directly accessible through global scope but can be obtained through the constructor property of function instances. When code executes within the sandbox and accesses the .constructor property of async functions, the executor.ts module retrieves these properties without proper sandboxing. Since AsyncFunction was not included in the safe replacement map, the executor returns the actual native host AsyncFunction constructor instead of the sandboxed version, creating an escape hatch for attackers.
The operational impact of this vulnerability is severe and can be classified as a remote code execution flaw under the MITRE ATT&CK framework as it enables adversaries to bypass sandbox protections and execute arbitrary code in the host environment. Attackers can exploit this vulnerability by creating new async functions using the leaked native AsyncFunction constructor, which execute entirely outside the sandbox boundaries. This allows them to access all host resources, including file system operations, network connectivity, and process management capabilities. The vulnerability affects any application using SandboxJS versions prior to 0.8.26 and can be exploited through code injection attacks where malicious code is passed to the sandboxed execution environment. The flaw demonstrates a classic sandbox escape pattern where the isolation mechanism fails due to incomplete constructor mapping, as documented in CWE-242 (Uncommonly Used or Groups of Privileged Functions) and CWE-250 (Execute Code or Commands Directly from External Input).
The mitigation strategy for this vulnerability involves upgrading to version 0.8.26 or later of the SandboxJS library, which includes proper mapping of AsyncFunction, GeneratorFunction, and AsyncGeneratorFunction constructors to their sandboxed equivalents. Organizations should also implement additional defensive measures such as monitoring for unusual function constructor access patterns and conducting regular security assessments of sandboxed code environments. The fix addresses the root cause by ensuring complete constructor isolation, preventing attackers from obtaining references to native function constructors that could be used to escape the sandboxed execution environment. This vulnerability highlights the importance of comprehensive security testing for sandboxing libraries and demonstrates how seemingly minor omissions in constructor mapping can lead to complete bypass of security controls.
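The two points above, the incomplete replacement map described in the technical paragraph and the complete constructor isolation described as the fix, can be checked with a small self-test. The following is an added example written for this page; it is not SandboxJS code and does not reproduce its `utils.ts` or `executor.ts` internals. The names `SAFE_REPLACEMENTS`, `sandboxedGet`, `legacyGet` and `findLeakedConstructors` are assumptions chosen for illustration. The sandboxed constructors here are stand-ins that refuse to compile source; a real sandbox would evaluate the body inside its own interpreter.

```javascript
// Added example (not SandboxJS code): a complete table of the host's native
// function constructors, a guarded property read that never hands one of them
// to guest code, and a leak check a test suite can run against a sandbox.

// The four constructor kinds. Only `Function` is a global; the other three are
// reachable solely through the `.constructor` property of function instances.
const NativeFunction = Function;
const NativeAsyncFunction = (async function () {}).constructor;
const NativeGeneratorFunction = (function* () {}).constructor;
const NativeAsyncGeneratorFunction = (async function* () {}).constructor;

// Stand-in for a sandboxed constructor (hypothetical): it refuses to compile
// source at all, so obtaining it gives guest code nothing to run.
function makeSandboxedConstructor(kind) {
  function SandboxedCtor() {
    throw new Error(`sandbox: ${kind} construction refused`);
  }
  Object.defineProperty(SandboxedCtor, "name", { value: `Sandboxed${kind}` });
  return SandboxedCtor;
}

// Replacement map keyed by the native constructor identity. The pre-0.8.26
// shape of this table had only the `Function` entry; the fix adds the rest.
const SAFE_REPLACEMENTS = new Map([
  [NativeFunction, makeSandboxedConstructor("Function")],
  [NativeAsyncFunction, makeSandboxedConstructor("AsyncFunction")],
  [NativeGeneratorFunction, makeSandboxedConstructor("GeneratorFunction")],
  [NativeAsyncGeneratorFunction, makeSandboxedConstructor("AsyncGeneratorFunction")],
]);

// True if `value` is any native function constructor of this realm.
function isNativeFunctionConstructor(value) {
  return SAFE_REPLACEMENTS.has(value);
}

// Guarded property read, the shape an executor uses for `obj[prop]`. Every
// value read through here goes through the map, so it does not matter how the
// constructor was reached (global lookup or `.constructor` on an instance).
function sandboxedGet(obj, prop) {
  const value = obj[prop];
  return SAFE_REPLACEMENTS.get(value) ?? value;
}

// Property read with the pre-0.8.26 shape: only `Function` is replaced.
function legacyGet(obj, prop) {
  const value = obj[prop];
  return value === NativeFunction ? SAFE_REPLACEMENTS.get(NativeFunction) : value;
}

// Leak check: read `.constructor` of one instance per function kind through
// the given getter and report the kinds whose native constructor came back.
function findLeakedConstructors(getter) {
  const probes = {
    Function: function () {},
    AsyncFunction: async function () {},
    GeneratorFunction: function* () {},
    AsyncGeneratorFunction: async function* () {},
  };
  const leaked = [];
  for (const [kind, fn] of Object.entries(probes)) {
    if (isNativeFunctionConstructor(getter(fn, "constructor"))) leaked.push(kind);
  }
  return leaked;
}

console.log("legacy getter leaks:", findLeakedConstructors(legacyGet));
console.log("fixed getter leaks:", findLeakedConstructors(sandboxedGet));
```

Run under Node: the legacy getter reports `AsyncFunction`, `GeneratorFunction` and `AsyncGeneratorFunction` as leaked, the fixed getter reports none. One caveat for anyone adapting the check: the map matches by object identity, so constructors from another realm (a `vm` context or an iframe) are different objects and would not be recognised; a sandbox that exposes objects from several realms needs one entry per realm, or a check based on the constructor's source text rather than identity.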