Product
SandboxJS is vulnerable to a sandbox escape (CVE-2026-43898); by exploiting the `Function.caller` property, sandboxed code can access the internal `LispType.Call` runtime callback, which allows an attacker to manipulate the context and arguments of the callback, leading to the execution of arbitrary host JavaScript and a complete sandbox escape.