CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25586 – SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
https://notcve.org/view.php?id=CVE-2026-25586
06 Feb 2026 — Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. • https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25520 – SandboxJS has a Sandbox Escape
https://notcve.org/view.php?id=CVE-2026-25520
06 Feb 2026 — SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, the return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, and Array.prototype.at then returns that element unwrapped; with the host's Function constructor, arbitrary code can be executed outside of the sandbox. This vulnerability is fixed in 0.8.29. • https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25587 – SandboxJS has a Sandbox Escape
https://notcve.org/view.php?id=CVE-2026-25587
06 Feb 2026 — SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29. • https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25641 – SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses
https://notcve.org/view.php?id=CVE-2026-25641
06 Feb 2026 — Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. • https://github.com/nyariv/SandboxJS/blob/6103d7147c4666fe48cfda58a4d5f37005b43754/src/executor.ts#L304-L304 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25725 – Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json
https://notcve.org/view.php?id=CVE-2026-25725
06 Feb 2026 — Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints, settings.json was not protected if it was missing. This allowed malicious code running inside the sandbox to create this file and inject persistent hooks (such a... • https://github.com/anthropics/claude-code/security/advisories/GHSA-ff64-7w26-62rf • CWE-501: Trust Boundary Violation CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25115 – n8n is vulnerable to Python sandbox escape
https://notcve.org/view.php?id=CVE-2026-25115
04 Feb 2026 — n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8. • https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx-564h • CWE-693: Protection Mechanism Failure •
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25142 – SandboxJS Prototype Pollution -> Sandbox Escape -> RCE
https://notcve.org/view.php?id=CVE-2026-25142
02 Feb 2026 — SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SandboxJS does not properly restrict __lookupGetter__, which can be used to obtain prototypes and thereby escape the sandbox (remote code execution). This vulnerability is fixed in 0.8.27. • https://github.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/executor.ts#L368-L398 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.5 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-1770 – Improper Control of Dynamically-Managed Code Resources in Crafter Studio
https://notcve.org/view.php?id=CVE-2026-1770
02 Feb 2026 — Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via a Groovy sandbox bypass. • https://docs.craftercms.org/current/security/advisory.html#cv-2026020201 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 9.6 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-25117 – pwn.college DOJO vulnerable to sandbox escape leading to arbitrary javascript execution
https://notcve.org/view.php?id=CVE-2026-25117
29 Jan 2026 — This is a sandbox escape leading to arbitrary JavaScript execution in the dojo's origin. • https://github.com/pwncollege/dojo/commit/e33da14449a5abcff507e554f66e2141d6683b0a • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-23830 – SandboxJS has Sandbox Escape via Unprotected AsyncFunction Constructor
https://notcve.org/view.php?id=CVE-2026-23830
27 Jan 2026 — Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. • https://github.com/nyariv/SandboxJS/commit/345aee6566e47979dee5c337b925b141e7f78ccd • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-693: Protection Mechanism Failure CWE-913: Improper Control of Dynamically-Managed Code Resources •
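Four of the SandboxJS entries above (CVE-2026-25586, CVE-2026-25520, CVE-2026-25142 and CVE-2026-23830) describe the same class of mistake in a JavaScript "membrane" sandbox: a guard that can be shadowed by sandboxed code, a value path the membrane forgets to wrap, a dangerous host method left reachable by name, and a host code constructor other than `Function` left unisolated. The toy membrane below is an added example written for this page; it is not SandboxJS source and does not reproduce the actual exploits. Every name in it (`SAFE_PROTOTYPES`, `readProp`, `makeMembrane`, `BLOCKED_KEYS`, `HARDENED_KEYS`, ...) is invented for the demonstration, and each vulnerable check sits beside its hardened form so the difference can be run.

```javascript
// Toy membrane written for this page to illustrate the escape patterns the
// SandboxJS advisories above describe. It is NOT SandboxJS code; every name
// here is invented for the demo and the whitelist is deliberately tiny.

// 1. Ownership/prototype check: obj.hasOwnProperty can be shadowed by the
//    object under test, the Object.prototype form cannot (CVE-2026-25586 pattern).
const SAFE_PROTOTYPES = new Set([Object.prototype, Array.prototype]); // toy whitelist

function isOwnUnsafe(obj, key) {
  return obj.hasOwnProperty(key);                         // dispatches to an own override
}
function isOwnSafe(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);  // same effect as Object.hasOwn
}
// Own properties are treated as sandbox data; inherited ones need a whitelisted prototype.
function readProp(obj, key, isOwn) {
  if (!isOwn(obj, key) && !SAFE_PROTOTYPES.has(Object.getPrototypeOf(obj))) {
    throw new Error(`prototype not whitelisted for inherited key "${String(key)}"`);
  }
  return obj[key];
}
// Sandboxed code shadows hasOwnProperty so the inherited `constructor` looks own.
function shadowAttack(isOwn) {
  const m = new Map();                       // Map.prototype is not in the toy whitelist
  m.hasOwnProperty = () => true;
  return readProp(m, 'constructor', isOwn);  // unsafe: host Map constructor; safe: throws
}

// 2. Membrane that filters property reads but, in the vulnerable mode, hands
//    back raw call results instead of wrapping them (CVE-2026-25520 pattern).
const BLOCKED_KEYS = new Set(['constructor', '__proto__', 'prototype']);
const HARDENED_KEYS = new Set([...BLOCKED_KEYS,
  '__lookupGetter__', '__lookupSetter__', '__defineGetter__', '__defineSetter__']);
const proxies = new WeakMap();   // membrane proxy -> raw host value
const isWrappable = (v) => v !== null && (typeof v === 'object' || typeof v === 'function');
const unwrap = (v) => (proxies.has(v) ? proxies.get(v) : v);

function makeMembrane(raw, { wrapReturns, blocked = BLOCKED_KEYS }) {
  const wrap = (v) => (isWrappable(v) ? makeMembrane(v, { wrapReturns, blocked }) : v);
  const proxy = new Proxy(raw, {
    get(target, key) {
      if (blocked.has(key)) throw new Error(`blocked property: ${String(key)}`);
      return wrap(Reflect.get(target, key));           // reads are wrapped...
    },
    apply(target, thisArg, args) {
      const result = Reflect.apply(target, unwrap(thisArg), args.map(unwrap));
      return wrapReturns ? wrap(result) : result;      // ...call results only if asked
    },
  });
  proxies.set(proxy, raw);
  return proxy;
}
// Sandboxed program: Object.values(...) is an Array holding a host function, and
// Array.prototype.at returns that element through the call path, not the get path.
function leakViaAt(wrapReturns) {
  const values = Object.values({ fn() {} });
  const got = makeMembrane(values, { wrapReturns }).at(0);
  let hostFunctionCtor = null;
  try { hostFunctionCtor = got.constructor; } catch (e) { /* read blocked by membrane */ }
  return { escaped: !proxies.has(got), hostFunctionCtor };
}

// 3. Name deny-list that misses __lookupGetter__: the host __proto__ accessor is
//    fetched by name and then invoked, yielding the real prototype (CVE-2026-25142 pattern).
function prototypeViaLookupGetter(blocked) {
  const sandboxed = makeMembrane({}, { wrapReturns: false, blocked });
  const getter = sandboxed.__lookupGetter__('__proto__');  // throws only if the name is blocked
  return getter.call(sandboxed);                           // host accessor runs: Object.prototype
}

// 4. Function is not the only host code constructor: async and generator
//    functions compile source strings too, so a sandbox that replaces only
//    `Function` leaves these reachable (CVE-2026-23830 pattern).
function hostCodeConstructors() {
  return {
    Function,
    AsyncFunction: (async function () {}).constructor,
    GeneratorFunction: (function* () {}).constructor,
    AsyncGeneratorFunction: (async function* () {}).constructor,
  };
}
```

Running `shadowAttack(isOwnUnsafe)` returns the host `Map` constructor while `shadowAttack(isOwnSafe)` throws; `leakViaAt(false)` hands sandboxed code a raw host function whose `.constructor` is the host `Function`, whereas `leakViaAt(true)` returns a wrapped value on which that read is blocked; `prototypeViaLookupGetter(BLOCKED_KEYS)` returns the real `Object.prototype` and the `HARDENED_KEYS` variant throws. The practitioner's checks are the ones the toy makes explicit: never use a method looked up on the untrusted object as a security predicate, wrap every value that crosses the boundary (call results and `this` included, not only property reads), treat the Annex B accessor helpers as part of the `__proto__` surface, and enumerate all four code constructors rather than only `Function`. The real fixes are in the commits linked from the entries above.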
