Skip to main content

vm2 CVE-2026-24781

| EUVDEUVD-2026-26987 CRITICAL
Code Injection (CWE-94)
2026-05-04 GitHub_M GHSA-v37h-5mfm-c47c
9.8
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Red Hat
8.1 HIGH
qualitative

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Patch available
May 04, 2026 - 18:32 EUVD
Source Code Evidence Fetched
May 04, 2026 - 17:46 vuln.today
Analysis Generated
May 04, 2026 - 17:46 vuln.today
Patch released
May 04, 2026 - 17:16 nvd
Patch available
EUVD ID Assigned
May 04, 2026 - 17:15 euvd
EUVD-2026-26987
Analysis Generated
May 04, 2026 - 17:15 vuln.today
CVE Published
May 04, 2026 - 16:33 nvd
CRITICAL 9.8

DescriptionCVE.org

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.

AnalysisAI

Remote code execution in vm2 (Node.js sandbox library) versions prior to 3.11.0 allows unauthenticated attackers to escape the sandbox environment via the inspect function and execute arbitrary system commands. The vulnerability exploits handler leakage through util.inspect's showProxy option to reconstruct host-realm objects and break isolation guarantees. CRITICAL: This is a complete sandbox bypass affecting all deployments using vm2 for untrusted code execution. Vendor-released patch available in version 3.11.0 with multiple commits addressing eight distinct exploitation primitives discovered during iterative disclosure.

Technical ContextAI

vm2 (cpe:2.3:a:patriksimek:vm2) is a popular Node.js library providing sandboxed JavaScript execution environments, widely used for running untrusted code in server-side applications, plugin systems, and code evaluation platforms. The vulnerability stems from CWE-94 (Improper Control of Generation of Code) in the sandbox's isolation boundary. When Node.js's util.inspect function is invoked with showProxy:true on specially crafted objects combining Buffer.prototype methods (slice, inspect, hexSlice) with custom stylize callbacks, the internal proxy handler object leaks into the inspection context's 'this.seen' array. This leaked handler exposes privileged methods (objectWrapper, fromOtherWithContext, doPreventExtensions, getFactory, direct trap access, reduce-bind chains) that can reconstruct host-realm Function constructors, bypassing the sandbox's prototype isolation. The vendor's test suite documents eight distinct exploitation chains (PoCs #1-8) discovered through iterative security research, with commits 8d30d93, bdd3d15, and fd266d0 addressing different primitive access paths. The vulnerability requires Node.js ≤22 to trigger the Buffer.prototype.inspect harvest path; Node 24+ inadvertently mitigates through stricter argument validation, though the underlying architectural flaw exists across all versions before 3.11.0.

RemediationAI

Upgrade immediately to vm2 version 3.11.0 or later (released at https://github.com/patriksimek/vm2/releases/tag/v3.11.0). The patch comprises three commits: 8d30d93213c1898b3e035298b89a814970dd1189 (test coverage for PoCs #1-6), bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c (core handler isolation fix), and fd266d084e0a3322d0f71ba2a8dc4c96cd030228 (additional hardening). No workarounds exist for a sandbox escape vulnerability - the security model depends entirely on the isolation boundary vm2 failed to enforce. Compensating controls are insufficient: input validation cannot prevent exploitation when the attacker controls code execution within the sandbox, network segmentation only limits post-exploitation lateral movement but does not prevent initial host compromise, and disabling specific Node.js APIs (util.inspect, Buffer methods) breaks legitimate vm2 functionality while attackers demonstrated eight distinct primitives suggesting additional undiscovered paths. Organizations unable to upgrade immediately must migrate to alternative sandboxing solutions (isolated-vm with V8 isolate-level separation, Docker/container-based code execution environments, or WebAssembly sandboxes) or cease accepting untrusted code for execution. Scanning npm dependency trees for 'vm2': <3.11.0 is critical given transitive dependency risk in plugin architectures.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Vendor StatusVendor

Share

CVE-2026-24781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy