Vulnerability in Nyariv Sandboxjs

CVE-2026-34217

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator…

EPSS: 0.001 (27.4th percentile) — read the EPSS interpretation.

Affected products

Nyariv Sandboxjs — versions < 0.8.36

Weakness classification (CWE)

CWE-668 — Exposure of Resource to Wrong Sphere

References

https://github.com/nyariv/SandboxJS/security/advisories/GHSA-hg73-4w7g-q96w (x_refsource_CONFIRM)