Skip to main content

vm2 CVE-2026-26332

| EUVDEUVD-2026-26993 CRITICAL
Code Injection (CWE-94)
2026-05-04 GitHub_M GHSA-55hx-c926-fr95
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
10.0 CRITICAL

Untrusted code in the sandbox needs no host auth (PR:N) and a reliable PoC makes it low-complexity (AC:L); escape from sandbox to host is a scope change (S:C) yielding full host compromise (C/I/A:H).

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Red Hat
9.1 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

11
Analysis Updated
Jun 30, 2026 - 03:43 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 03:40 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 30, 2026 - 03:24 vuln.today
cvss_changed
CVSS changed
Jun 30, 2026 - 03:24 NVD
9.8 (CRITICAL) 10.0 (CRITICAL)
Patch available
May 04, 2026 - 18:32 EUVD
Source Code Evidence Fetched
May 04, 2026 - 17:45 vuln.today
Analysis Generated
May 04, 2026 - 17:45 vuln.today
Patch released
May 04, 2026 - 17:16 nvd
Patch available
EUVD ID Assigned
May 04, 2026 - 17:15 euvd
EUVD-2026-26993
Analysis Generated
May 04, 2026 - 17:15 vuln.today
CVE Published
May 04, 2026 - 16:35 nvd
CRITICAL 9.8

DescriptionNVD

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.

AnalysisAI

Sandbox escape leading to remote code execution in the vm2 Node.js sandbox library affects all versions prior to 3.11.0, where the JavaScript SuppressedError mechanism (combined with DisposableStack disposal) lets untrusted code running inside the sandbox reach a host constructor and execute arbitrary commands on the underlying server. Any application that relies on vm2 to safely run attacker-controlled or untrusted JavaScript is fully compromised, with a working proof-of-concept published in the GHSA advisory. There is publicly available exploit code but no confirmed active exploitation; the SSVC framework rates it POC, automatable, with total technical impact, while EPSS remains low at 0.06%.

Technical ContextAI

vm2 (npm package 'vm2', CPE cpe:2.3:a:patriksimek:vm2) is a widely used Node.js library designed to execute untrusted JavaScript in an isolated context with controlled access to host resources - it is the security boundary itself, so any escape is critical. The root cause is CWE-94 (Improper Control of Generation of Code / code injection) realized as a sandbox-escape primitive: the ECMAScript SuppressedError object, produced when multiple disposers in a DisposableStack throw during dispose(), carries a 'suppressed' error reference whose prototype chain was not fully sanitized by vm2's bridge. By manipulating an Error's name to a Symbol and triggering stack evaluation, the attacker obtains an un-sanitized error object, walks e.suppressed.constructor.constructor to reach the host realm's Function constructor, and from there retrieves the real process object and child_process to run shell commands. This is one of 13 advisories closed in the v3.11.0 coordinated release, several of which are full sandbox-escape RCE primitives stemming from incomplete prototype/intrinsic sanitization across realm boundaries.

RemediationAI

Vendor-released patch: vm2 3.11.0 - upgrade immediately to 3.11.0 or later, which closes this SuppressedError escape along with 12 other advisories in a coordinated security release (commits 119fd0aa, 4cb82cc9, and others referenced in GHSA-55hx-c926-fr95). Because vm2's entire purpose is isolating untrusted code and multiple independent escape primitives were just disclosed, upgrading is the only robust fix; partial workarounds are unreliable. If you cannot patch instantly, the most effective compensating control is to stop feeding attacker-controlled or untrusted JavaScript into vm2 until the upgrade lands - disable or gate any feature that lets external input reach vm.run(), at the cost of losing that functionality temporarily. Given the long history of vm2 sandbox escapes, strongly consider migrating untrusted-code execution to a process- or VM-level isolation boundary (e.g. isolated-vm, a separate hardened worker process, gVisor/container, or a serverless sandbox), which provides a real OS-enforced boundary rather than an in-process JavaScript one. Refer to the GHSA advisory (https://github.com/patriksimek/vm2/security/advisories/GHSA-55hx-c926-fr95) and the v3.11.0 release notes for the full advisory set.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Vendor StatusVendor

Share

CVE-2026-26332 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy