{"vulnerability": "cve-2026-4389", "sightings": [{"uuid": "abcb862d-26fa-438f-b88d-829557d3ea11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-43898", "type": "seen", "source": "https://dnsc.ro/citeste/alerta-vulnerabilitate-critica-in-biblioteca-sandboxjs", "content": "", "creation_timestamp": "2026-05-15T04:29:28.000000Z"}, {"uuid": "037d7957-181a-4697-864f-d44ac4128c17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4389", "type": "seen", "source": "https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-4389", "content": "", "creation_timestamp": "2026-03-26T04:16:40.000000Z"}, {"uuid": "a4cdc72e-eebb-4073-8b57-7599c3e0bfdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43893", "type": "seen", "source": "Telegram/YNBAQ7wY3nDaf6oW9SS_pET1W5P-GdTLvm9dgaO_EDkfw4Y", "content": "", "creation_timestamp": "2026-05-05T09:00:04.000000Z"}, {"uuid": "6c75360c-780a-447f-93a8-3a9994152555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43898", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mmpbjord3s23", "content": 
"RCE vulnerability allowing sandbox bypass in 'SandboxJS'\n\nA vulnerability has been identified in 'SandboxJS', a sandboxed execution environment for JavaScript, that could allow the sandbox to be bypassed and code to be executed on the host.\n\nThe vulnerability 'CVE-2026-43898' has been disclosed in version '0.9.5' of the same library and earlier versions. Because an internal runtime callback can be obtained and validation is insufficient, arbitrary 'JavaScript' can be executed outside the sandbox in the host environment.\n\nThe base score under the Common Vulnerability Scoring System 'CVSSv3.1' is rated '10.0', the maximum value, and the severity is the highest of four levels, 'Cri...", "creation_timestamp": "2026-05-25T20:03:30.824302Z"}, {"uuid": "40e13001-3f60-4466-9f39-222677959fd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-43891", "type": "published-proof-of-concept", "source": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56", "content": "", "creation_timestamp": "2026-04-27T06:34:50.000000Z"}, {"uuid": "8ae2e29e-2ae8-44de-81f2-53bfa494c5cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-43898", "type": "published-proof-of-concept", "source": "https://github.com/nyariv/SandboxJS/security/advisories/GHSA-g8f2-4f4f-5jqw", "content": "", "creation_timestamp": "2026-05-09T09:46:56.000000Z"}, {"uuid": "e7070622-3626-4ee9-888c-c038d0218b41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43898", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwsfla27o2t", "content": "CVE-2026-43898 - SandboxJS: Sandbox escape via Function.caller leakage of internal call op\nCVE ID : CVE-2026-43898\n \n Published : May 28, 2026, 6:16 p.m. | 54\u00a0minutes ago\n \n Description : SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions e...", "creation_timestamp": "2026-05-28T19:54:07.128244Z"}, {"uuid": "28d08fb2-e93c-47b0-813e-66c8890228ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43898", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmwufhdgmv2w", "content": "In SandboxJS versions earlier than v0.9.6, LispType.Call is accessible via Function.caller. An attacker invokes the call with a fake context, and the host's JavaScript can be arbitrarily\u2026\nCVE-2026-43898 CVSS 10.0 | CRITICAL", "creation_timestamp": "2026-05-28T20:29:47.539652Z"}, {"uuid": "bada9c02-9a55-4f8b-ab39-6a2b301f6fad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43898", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmwusjho4n2p", "content": "\ud83d\udccc CVE-2026-43898 - 
SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the... https://www.cyberhub.blog/cves/CVE-2026-43898", "creation_timestamp": "2026-05-28T20:37:06.038575Z"}, {"uuid": "4e70d65f-6121-49ef-990f-a23f297fd3a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43898", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmww64tbls2n", "content": "\ud83d\udd34 CVE-2026-43898 - Critical (10)\n\nSandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Fu...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-43898/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-28T21:01:29.922373Z"}]}