What is the CVSS score of CVE-2026-22709?

CVE-2026-22709 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Node.js are affected by CVE-2026-22709?

CVE-2026-22709 is a critical vulnerability in vm2 that allows attackers to bypass sandbox protections through Promise callback manipulation, potentially enabling arbitrary code execution.. A patch is available.

Is there a public PoC exploit available for CVE-2026-22709?

Yes, a public proof-of-concept exploit is available for CVE-2026-22709. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-22709?

Within 24 hours: Identify all systems running vm2 and assess exposure to untrusted code inputs; communicate status to leadership. Within 7 days: Apply vendor patch to upgrade vm2 to version 3.10.2 or later across all affected environments; validate patch deployment. Within 30 days: Conduct security audit of vm2 usage patterns, review access logs for exploitation attempts, and implement monitoring for Promise-based attack vectors.

Node.js CVE-2026-22709

CRITICAL

Code Injection (CWE-94)

2026-01-26 security-advisories@github.com

GHSA-99p7-6v5w-7xg8

Node.js Vm2

9.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

PoC Detected

Feb 17, 2026 - 20:59 vuln.today

Public exploit code

Patch released

Feb 17, 2026 - 20:59 nvd

Patch available

CVE Published

Jan 26, 2026 - 22:15 nvd

CRITICAL 9.8

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

13 npm packages depend on vm2 (3 direct, 10 indirect)

Ecosystem-wide dependent count for version 3.10.2.

DescriptionGitHub Advisory

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of localPromise.prototype.then is sanitized, but globalPromise.prototype.then is not sanitized. The return value of async functions is globalPromise object. Version 3.10.2 fixes the issue.

AnalysisAI

Sandbox escape in vm2 Node.js sandbox before 3.10.2 via Promise.prototype.then/catch callback sanitization bypass. PoC and patch available.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Define async function returning globalPromise

Exploit

Attach unsanitized callback to Promise.then

Execution

Callback executes outside sandbox context

Impact

Execute arbitrary Node.js code

Access

Define async function returning globalPromise

Exploit

Attach unsanitized callback to Promise.then

Execution

Callback executes outside sandbox context

Impact

Execute arbitrary Node.js code

Vulnerability AssessmentAI

Exploitation	vm2 version prior to 3.10.2 with default sandbox configuration. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.8. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Attacker crafts code using Promise callbacks to escape the vm2 sandbox and execute arbitrary code in the host Node.js process.
Remediation	Update to vm2 3.10.2. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running vm2 and assess exposure to untrusted code inputs; communicate status to leadership. …

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-53633 CRITICAL Act Now

9.8 Jun 15

Remote code execution in Vitest Browser Mode (npm @vitest/browser 3.0.0-3.2.4, 4.0.0-4.1.7, 5.0.0-beta.0-5.0.0-beta.3) a

CVE-2026-48714 CRITICAL Act Now

9.1 Jun 15

Remote prototype pollution in i18next-http-middleware before 3.9.7 allows unauthenticated attackers to write to Object.p

CVE-2026-53609 CRITICAL Act Now

9.1 Jun 12

Prototype pollution in ApostropheCMS versions up to and including 4.30.0 allows an authenticated editor to poison Object

CVE-2026-48054 HIGH This Week

8.8 Jun 11

Code injection in OpenZeppelin Contracts Wizard's `@openzeppelin/wizard` npm package (<=0.10.8) allows attacker-supplied

CVE-2026-53608 HIGH This Week

8.7 Jun 12

Stored cross-site scripting in the @apostrophecms/seo plugin (versions ≤1.4.2) allows any user holding the default edito

CVE-2026-22709 vulnerability details – vuln.today

Back

Node.js CVE-2026-22709

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

Blast Radius

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

More from same product – last 7 days

Share

External POC / Exploit Code