CVE-2026-26954

{"id": "CVE-2026-26954", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2026-03-13T19:54:31.143", "references": [{"url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-6r9f-759j-hjgv", "tags": ["Vendor Advisory", "Exploit"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-6r9f-759j-hjgv", "tags": ["Vendor Advisory", "Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "SandboxJS is a JavaScript sandboxing library. Prior to 0.8.34, it is possible to obtain arrays containing Function, which allows escaping the sandbox. Given an array containing Function, and Object.fromEntries, it is possible to construct {[p]: Function} where p is any constructible property. This vulnerability is fixed in 0.8.34."}, {"lang": "es", "value": "SandboxJS es una biblioteca de sandboxing de JavaScript. Antes de 0.8.34, es posible obtener arrays que contienen Function, lo que permite escapar del sandbox. Dado un array que contiene Function, y Object.fromEntries, es posible construir {[p]: Function} donde p es cualquier propiedad construible. Esta vulnerabilidad se corrige en la versi\u00f3n 0.8.34."}], "lastModified": "2026-03-17T20:13:06.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nyariv:sandboxjs:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "21637BCD-7C1B-48F0-836C-399CD3946F7D", "versionEndExcluding": "0.8.34"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}