CVE-2026-43898: SandboxJS: Sandbox escape via Function.caller leakage of internal call op
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked host statics, recover the real host Function constructor, and execute arbitrary host JavaScript. This vulnerability is fixed in 0.9.6.
HarborGuard Analysis
Synopsis
This is a sandbox escape vulnerability in SandboxJS, a JavaScript sandboxing library. The flaw is reachable over the network with no authentication required, and the CVSS scope is changed, meaning a successful attacker breaks out of the sandboxed execution context entirely. Exploitation gives the attacker arbitrary JavaScript execution on the host, with full read, write, and availability impact on the surrounding system. No fix version has been published yet; HarborGuard tracks the advisory and will make a patched-image rebuild available as soon as an upstream fix is released.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in registries and CI pipelines, including custom-built images that bundle SandboxJS directly. Any image containing a vulnerable version of SandboxJS (prior to 0.9.6) is flagged automatically.
Status: Available
HarborGuard scores this CVE at CVSS 10.0 Critical and weights it against each environment's compliance policy to determine priority and routing. Findings are surfaced to the appropriate team inbox within the customer org based on configured ownership rules.
Status: Available
Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available at the fixed version the moment the upstream maintainer ships a release. For customers with auto-remediation enabled, a rebuild, regression-test run, and PR against affected workloads will be triggered automatically at that point.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
The attacker must reach the service over the network; the AV:N vector means no local or physical access is needed.
- Authentication: Not required
No credentials or account are needed; PR:N means an unauthenticated attacker can trigger the vulnerability.
- Victim interaction: Not required
No user action is required; the attacker exploits the flaw without any victim needing to click, open, or approve anything.
- Attack complexity: Low
Attack complexity is Low (AC:L), meaning the exploit is reliable and requires no special race conditions, memory layout knowledge, or environmental setup.
Blast Radius
- The attacker escapes the JavaScript sandbox entirely and executes arbitrary code in the host JavaScript runtime.
- The attacker reads host-side data, including blocked statics, environment variables, secrets, and any in-process state accessible to the host runtime.
- The attacker modifies host runtime state, altering application logic, persisted data, or in-memory structures outside the sandbox boundary.
- The attacker can crash or destabilize the host process, causing full service disruption.
How HarborGuard Handles This
Available on HarborGuard: because no upstream fix exists for CVE-2026-43898, the platform monitors the SandboxJS advisory on every ingest cycle and will automatically make a patched-image rebuild available the moment version 0.9.6 or a later fixed release is published. For customers with auto-remediation enabled, that rebuild will trigger a regression-test run and open a PR against affected workloads without manual intervention. In the interim, compensating controls are recommended: isolate any service that executes SandboxJS-sandboxed code behind a network policy that restricts inbound access to trusted sources only, apply egress filtering to limit what the host process can reach if sandbox escape occurs, and consider a feature flag to disable untrusted code execution paths until a fix is available. The CVSS scope-changed, no-auth, no-interaction profile makes this a high-priority finding for any image that ships SandboxJS.
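The version match described under Coverage (flag any copy of SandboxJS below 0.9.6) is simple to reproduce locally for a single image or repository. The script below is an added example, not HarborGuard's or SandboxJS's own code: it walks an npm lockfile's "packages" map (lockfileVersion 2 or 3 is assumed), compares each installed copy of the package against the fixed version with a small semver comparison, and reports nested copies too, since a transitive dependency can pin an older release than the application does. The npm package name @nyariv/sandboxjs is assumed here, and the lockfile content is constructed for the example.

```javascript
// Added example (not HarborGuard's or SandboxJS's code): flag vulnerable
// SandboxJS copies in an npm lockfile against the advisory's "< 0.9.6" range.
// Assumptions: the npm package name is "@nyariv/sandboxjs" (assumed), and the
// lockfile is npm lockfileVersion 2 or 3 (a "packages" map keyed by
// "node_modules/<name>" install paths).

const FIXED_VERSION = '0.9.6';            // fixed version from the advisory
const PACKAGE_NAME = '@nyariv/sandboxjs'; // assumed npm package name

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Negative if a < b, 0 if equal, positive if a > b. Numeric core is compared
// first; a prerelease sorts below the release with the same core, so
// "0.9.6-beta.1" is treated as older than "0.9.6" (conservatively flagged).
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] - pb.nums[i];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;  // release > prerelease
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// True when the installed version is below the fixed version.
function isVulnerable(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Return every install path of PACKAGE_NAME (top-level or nested under
// another dependency) whose version is below the fixed version.
function findVulnerableSandboxjs(lockfile) {
  const findings = [];
  const packages = lockfile.packages || {};
  for (const [installPath, meta] of Object.entries(packages)) {
    if (installPath === '') continue; // root project entry, not a dependency
    if (!installPath.endsWith(`node_modules/${PACKAGE_NAME}`)) continue;
    if (meta.version && isVulnerable(meta.version)) {
      findings.push({ path: installPath, version: meta.version });
    }
  }
  return findings;
}

// Constructed sample lockfile: one direct vulnerable copy, one nested copy at
// the fixed version under another dependency, and an unrelated package.
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { '@nyariv/sandboxjs': '^0.9.0' } },
    'node_modules/@nyariv/sandboxjs': { version: '0.9.5' },
    'node_modules/some-plugin': { version: '2.1.0' },
    'node_modules/some-plugin/node_modules/@nyariv/sandboxjs': { version: '0.9.6' },
  },
};

// Run over the constructed lockfile; only the direct 0.9.5 copy is reported.
const sampleHits = findVulnerableSandboxjs(SAMPLE_LOCKFILE);
for (const h of sampleHits) {
  console.log(`VULNERABLE ${h.path} ${h.version} (< ${FIXED_VERSION})`);
}
```

To use it on a real project, replace SAMPLE_LOCKFILE with the parsed contents of package-lock.json (JSON.parse over the file) and exit non-zero from the CI job whenever the returned list is non-empty; the nested-copy check matters because a plugin that vendors its own pin of the package is not visible from the top-level dependency alone.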
Metrics
- CVSS v3.1: 10.0
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
- nyariv / SandboxJS: < 0.9.6
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H