SandboxJS patches critical sandbox escape via global object mutation

TL;DR — A critical SandboxJS bypass lets untrusted sandboxed code mutate host global objects, breaking isolation and persisting across sandbox runs in the same process.

What happened

SandboxJS is a JavaScript sandboxing library used to run untrusted code while attempting to restrict access to dangerous capabilities. CVE-2026-34208 describes a sandbox-integrity escape where SandboxJS’s protection that blocks direct assignment to global objects can be bypassed via an exposed callable constructor path: this.constructor.call(target, attackerObject).

Per the CVE record, this works because this.constructor resolves to an internal SandboxGlobal function and Function.prototype.call is allowed, enabling attacker-controlled code to write arbitrary properties into host global objects and persist those mutations across sandbox instances in the same process.

This is operationally notable because “in-process sandboxing” failures are often cross-tenant / cross-request blast-radius multipliers: once shared globals are poisoned, subsequent sandbox executions and host logic can inherit attacker-controlled behavior in surprising ways.

Who is impacted

• Any application that uses SandboxJS to execute attacker-influenced or untrusted JavaScript (e.g., user-defined rules, templates, plug-in code, “code runner” features).
• Deployments running versions reported as affected in the CVE record (< 0.8.36).
• Multi-tenant services are higher risk because process-wide global mutations can impact other users’ executions in the same runtime.

What to do now

• Follow vendor remediation guidance and apply the latest patched release available at the time of writing.

  "This vulnerability is fixed in 0.8.36."

• Inventory where SandboxJS is used in production (lockfiles, SBOM/SCA results, container images, deployed artifacts) and prioritize services that run untrusted code.
• Treat this as a sandbox-boundary break, not “just a bug”:
  • Re-evaluate trust boundaries around any “user script” / “rule engine” / “expression” features implemented with in-process JS execution.
  • If you must run untrusted code, consider additional isolation layers (separate process/container, reduced privileges, and strict egress controls) to limit blast radius if sandbox guarantees fail.
• If compromise is suspected, review for unexpected global-state mutations and rotate secrets accessible to the impacted runtime (since poisoned globals can alter downstream security checks and sensitive execution paths).