The popular Node.js library vm2, a sandbox designed to run untrusted code with restricted access to built-in modules, is facing a security crisis. With over 5.7 million monthly downloads, the library has become a central target for researchers and attackers alike.
Recent disclosures have unveiled a series of critical “sandbox breakout” vulnerabilities, all carrying a CVSS score of 9.8, that allow attackers to escape the restricted environment and execute arbitrary commands on the host system.
One of the most sophisticated flaws, CVE-2026-26956, specifically targets Node.js v25 users. While vm2 relies on JavaScript-level mechanisms to wrap host errors and proxy cross-context objects, WebAssembly (WASM) operates at a deeper level.
By using WASM’s try_table instruction, an attacker can catch JavaScript exceptions at V8’s C++ level, entirely bypassing the library’s handleException() sanitization. This allows a host-realm TypeError to reach the attacker’s code unsanitized. From there, the attacker can traverse the constructor chain (hostError.constructor.constructor) to acquire a Function that returns the host process object, leading to full code execution.
The report details several other creative methods used to dismantle the sandbox’s “bridge” between the host and the isolated code:
- The Promise Species Bypass (CVE-2026-24120): A previous fix intended to reset the species property of promises back to a known value was found to be insufficient. Attackers can simply overwrite [].includes or Object.defineProperty to prevent the reset from occurring, effectively circumventing the security control.
- The Inspect Leak (CVE-2026-24781): The Node.js inspect method, which logs object details, unwraps proxies to see internal data. Attackers can use the this.seen property of the stylize function to extract the internal proxy handler of vm2. This allows them to bypass the proxy bridge and read raw host objects from the sandbox.
- The Getter Gambit (CVE-2026-24118): This flaw exploits the __lookupGetter__ method. By utilizing the host’s apply method via Buffer.apply, an attacker can access getters in the host context. This chain eventually leads to the host’s Function.prototype, allowing the creation of code that runs directly on the host machine.
The vm2 maintainers have released several patches in rapid succession to address these bypasses. Because all five vulnerabilities allow for Remote Code Execution (RCE) under the assumption that arbitrary code can be run inside the sandbox, organizations are urged to update to vm2 version 3.11.0 immediately.
For developers using Node.js v25, the WASM-based escape (CVE-2026-26956) is particularly potent, and they should verify their patch level is at least v3.10.5.