Critical SandboxJS Escape Flaw Allows Host Code Execution in Affected Apps
VPN Central [Unofficial]
May 14, 2026
A critical vulnerability in SandboxJS can allow attacker-controlled JavaScript to escape the sandbox and execute code on the host system. The flaw is tracked as CVE-2026-43898 and affects the npm package @nyariv/sandboxjs up to and including version 0.9.5. The issue has a CVSS 3.1 score of 10.0, the highest possible rating. GitHub’s advisory says the […]