Skip to main content

vm2 CVE-2026-26956

| EUVDEUVD-2026-26995 CRITICAL
Protection Mechanism Failure (CWE-693)
2026-05-04 GitHub_M GHSA-ffh4-j6h5-pg66
9.8
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Red Hat
9.8 HIGH
qualitative

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Source Code Evidence Fetched
May 04, 2026 - 17:46 vuln.today
Analysis Generated
May 04, 2026 - 17:46 vuln.today
EUVD ID Assigned
May 04, 2026 - 17:15 euvd
EUVD-2026-26995
Analysis Generated
May 04, 2026 - 17:15 vuln.today
CVE Published
May 04, 2026 - 16:37 nvd
CRITICAL 9.8

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 11 npm packages depend on vm2 (1 direct, 10 indirect)

Ecosystem-wide dependent count for version 3.10.5.

DescriptionCVE.org

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.

AnalysisAI

Full sandbox escape with arbitrary code execution allows remote attackers to break out of vm2's Node.js sandbox environment (version 3.10.4) and execute commands on the host system. Attacker-controlled code running inside VM.run() can obtain the host process object and execute arbitrary host commands without any cooperation from the host application. EPSS data not available, but this represents complete failure of the sandbox security boundary. Patch released in version 3.10.5 addresses eleven distinct escape vectors including Function constructor leakage, proxy unwrapping, util.inspect exposure, and WebAssembly exception handling.

Technical ContextAI

vm2 (cpe:2.3:a:patriksimek:vm2:*:*:*:*:*:*:*:*) is a Node.js library designed to provide sandboxed JavaScript execution environments. The vulnerability stems from CWE-693 (Protection Mechanism Failure) - specifically, multiple failures in the isolation boundary between guest and host JavaScript contexts. Version 3.10.4 contains at least eleven distinct escape paths discovered during remediation, including: Function constructor access via getOwnPropertyDescriptor, proxy handler exploitation, exposure of internal bridge methods (doPreventExtensions, getFactory) through util.inspect, nested property descriptor manipulation, SuppressedError object leakage, direct handler.get() calls, and WebAssembly.JSTag exception handling in Node 25. The sandbox relied on prototype manipulation and context isolation that could be bypassed through creative use of JavaScript reflection APIs and Node.js internals.

RemediationAI

Upgrade immediately to vm2 version 3.10.5 or later (https://github.com/patriksimek/vm2/releases/tag/v3.10.5). The patched version implements comprehensive fixes for eleven distinct sandbox escape vectors including Function constructor blocking across all access paths, proxy unwrapping prevention, util.inspect internal method sanitization, SuppressedError sub-error sanitization, and WebAssembly.JSTag blocking for Node 25 environments. No workarounds exist for version 3.10.4 - the sandbox security boundary is fundamentally broken. If immediate upgrade is impossible, disable all vm2-based code execution features until patching is complete. For defense in depth post-patch, run Node.js processes using vm2 with OS-level sandboxing (containers, seccomp, AppArmor) and minimal filesystem/network privileges, though this does not address the application-level escape. Refer to GHSA-ffh4-j6h5-pg66 for complete advisory details.

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Vendor StatusVendor

Share

CVE-2026-26956 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy