A critical security flaw has been discovered in SandboxJS, a widely used JavaScript sandboxing library distributed through npm. Tracked as CVE-2026-43898, the vulnerability carries a perfect CVSS score of 10.0, the highest possible severity rating, and allows attackers to completely break out of the sandbox and execute arbitrary code directly on the underlying host system. […]
The post Critical SandboxJS Flaw Enables Host System Takeover appeared first on Cyber Security News.