Skip to main content

CWE-913

Improper Control of Dynamically-Managed Code Resources

57 CVEs Avg CVSS 7.6 MITRE
22
CRITICAL
18
HIGH
11
MEDIUM
5
LOW
16
POC
0
KEV

Monthly

CVE-2026-47210 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows arbitrary code execution in the Node.js host process when untrusted code is run on runtimes exposing WebAssembly JSPI (Node 24 with --experimental-wasm-jspi, or Node 26+ by default). A working PoC demonstrates that a JSPI-backed Promise reaches host-realm Promise.prototype.finally without bridge interposition, letting attacker-controlled species logic walk a rejection object's constructor chain to host process and execute arbitrary commands. No public exploit identified as actively used in the wild, but a complete weaponized PoC is published in the GHSA advisory.

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47137 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows full remote code execution by bypassing the GHSA-8hg8-63c5-gwmx (CVE-2023-37903) patch through omission of the require option when nesting:true is set. Publicly available exploit code exists in the GHSA advisory itself, and with a CVSS of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) any application passing untrusted code to a NodeVM configured this way is trivially compromised on the host.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.2%
CVE-2026-47208 npm CRITICAL PATCH GHSA Act Now

Remote code execution in the vm2 Node.js sandbox library (versions <= 3.11.3) allows sandboxed JavaScript to escape isolation and execute arbitrary commands on the host. The flaw stems from a missing resetPromiseSpecies call in the localPromise swallow tail, letting a sandbox subclass hijack Promise species resolution and capture a raw host-realm RangeError that exposes the host Function constructor. Publicly available exploit code exists (POC published in the advisory), though no public exploit identified at time of analysis as actively exploited in the wild; given vm2's heavy use as an untrusted-code sandbox in SaaS, CI, and serverless platforms, this is a top-priority issue.

RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.5%
CVE-2026-47131 npm CRITICAL PATCH GHSA Act Now

Sandbox escape in the vm2 Node.js sandbox library (versions <= 3.11.3) allows untrusted JavaScript executed inside a vm2 VM to reach the host realm and achieve arbitrary code execution. By chaining Buffer.call.call indirection with __lookupGetter__/__lookupSetter__ to obtain host Object.prototype.__proto__ accessors and using a WebAssembly.compileStreaming rejection to surface a host TypeError, an attacker severs a host prototype chain, causing the bridge's proto-walk to return the raw host error unwrapped - yielding e.constructor.constructor as host Function and full RCE. Publicly available exploit code exists (advisory ships a working PoC); CVSS is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Node.js RCE Red Hat
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-48700 CRITICAL Monitor

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution or circumvent network namespace restrictions. NOTE: those outcomes are potentially unwanted by most users; however, the behavior of the product does comply with the applicable specification, and a simplistic solution (ensuring that the URI does not name a regular file) may have adverse consequences for I/O.

RCE Pcmanfm Qt Suse
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-34156 npm CRITICAL POC PATCH NEWS GHSA Act Now

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated low-privilege attackers to escape Node.js vm sandbox and execute arbitrary commands as root inside Docker containers. The vulnerability exploits exposed WritableWorkerStdio stream objects in the sandbox console to traverse the prototype chain, access the host-realm Function constructor, load unrestricted Node.js modules (child_process), and spawn system commands. Confirmed exploited with reverse shell access, database credential theft (DB_PASSWORD, INIT_ROOT_PASSWORD), and arbitrary filesystem operations. EPSS data not available; public exploit code exists with detailed proof-of-concept demonstrating root shell access in nocobase/nocobase:latest Docker image. Critical 10.0 CVSS score reflects network-exploitable, low-complexity attack with complete confidentiality, integrity, and availability impact plus scope change (container escape implications).

Node.js RCE Docker Debian
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.9
EPSS
5.2%
CVE-2026-33286 Ruby CRITICAL PATCH Act Now

A critical arbitrary method execution vulnerability affects Graphiti's JSONAPI write functionality, allowing attackers to invoke any public method on underlying model instances, classes, or associations through crafted JSONAPI payloads. Applications using Graphiti (a Ruby gem for building JSON:API compliant APIs) that expose write endpoints to untrusted users are affected, particularly versions prior to 1.10.2. The vulnerability scores CVSS 9.1 (Critical) with network-based exploitation requiring no authentication or user interaction, enabling both high integrity and availability impacts.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-69219 PyPI HIGH PATCH This Week

Airflow Providers Http is affected by improper control of dynamically-managed code resources (CVSS 8.8).

RCE Airflow Providers Http
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25049 npm CRITICAL POC PATCH Act Now

n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.

RCE Command Injection Code Injection Node.js AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-1770 Maven PATCH Monitor

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

RCE Command Injection
NVD
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows arbitrary code execution in the Node.js host process when untrusted code is run on runtimes exposing WebAssembly JSPI (Node 24 with --experimental-wasm-jspi, or Node 26+ by default). A working PoC demonstrates that a JSPI-backed Promise reaches host-realm Promise.prototype.finally without bridge interposition, letting attacker-controlled species logic walk a rejection object's constructor chain to host process and execute arbitrary commands. No public exploit identified as actively used in the wild, but a complete weaponized PoC is published in the GHSA advisory.

Node.js RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape in vm2 (npm package, versions <= 3.11.3) allows full remote code execution by bypassing the GHSA-8hg8-63c5-gwmx (CVE-2023-37903) patch through omission of the require option when nesting:true is set. Publicly available exploit code exists in the GHSA advisory itself, and with a CVSS of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C) any application passing untrusted code to a NodeVM configured this way is trivially compromised on the host.

RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in the vm2 Node.js sandbox library (versions <= 3.11.3) allows sandboxed JavaScript to escape isolation and execute arbitrary commands on the host. The flaw stems from a missing resetPromiseSpecies call in the localPromise swallow tail, letting a sandbox subclass hijack Promise species resolution and capture a raw host-realm RangeError that exposes the host Function constructor. Publicly available exploit code exists (POC published in the advisory), though no public exploit identified at time of analysis as actively exploited in the wild; given vm2's heavy use as an untrusted-code sandbox in SaaS, CI, and serverless platforms, this is a top-priority issue.

RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Sandbox escape in the vm2 Node.js sandbox library (versions <= 3.11.3) allows untrusted JavaScript executed inside a vm2 VM to reach the host realm and achieve arbitrary code execution. By chaining Buffer.call.call indirection with __lookupGetter__/__lookupSetter__ to obtain host Object.prototype.__proto__ accessors and using a WebAssembly.compileStreaming rejection to surface a host TypeError, an attacker severs a host prototype chain, causing the bridge's proto-walk to return the raw host error unwrapped - yielding e.constructor.constructor as host Function and full RCE. Publicly available exploit code exists (advisory ships a working PoC); CVSS is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Node.js RCE Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Monitor

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution or circumvent network namespace restrictions. NOTE: those outcomes are potentially unwanted by most users; however, the behavior of the product does comply with the applicable specification, and a simplistic solution (ensuring that the URI does not name a regular file) may have adverse consequences for I/O.

RCE Pcmanfm Qt Suse
NVD GitHub VulDB
EPSS 5% CVSS 9.9
CRITICAL POC PATCH Act Now

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated low-privilege attackers to escape Node.js vm sandbox and execute arbitrary commands as root inside Docker containers. The vulnerability exploits exposed WritableWorkerStdio stream objects in the sandbox console to traverse the prototype chain, access the host-realm Function constructor, load unrestricted Node.js modules (child_process), and spawn system commands. Confirmed exploited with reverse shell access, database credential theft (DB_PASSWORD, INIT_ROOT_PASSWORD), and arbitrary filesystem operations. EPSS data not available; public exploit code exists with detailed proof-of-concept demonstrating root shell access in nocobase/nocobase:latest Docker image. Critical 10.0 CVSS score reflects network-exploitable, low-complexity attack with complete confidentiality, integrity, and availability impact plus scope change (container escape implications).

Node.js RCE Docker +1
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

A critical arbitrary method execution vulnerability affects Graphiti's JSONAPI write functionality, allowing attackers to invoke any public method on underlying model instances, classes, or associations through crafted JSONAPI payloads. Applications using Graphiti (a Ruby gem for building JSON:API compliant APIs) that expose write endpoints to untrusted users are affected, particularly versions prior to 1.10.2. The vulnerability scores CVSS 9.1 (Critical) with network-based exploitation requiring no authentication or user interaction, enabling both high integrity and availability impacts.

Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Airflow Providers Http is affected by improper control of dynamically-managed code resources (CVSS 8.8).

RCE Airflow Providers Http
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

n8n workflow automation platform has an authenticated code execution vulnerability (CVSS 9.9) through improper runtime behavior modification, enabling server takeover.

RCE Command Injection Code Injection +3
NVD GitHub
EPSS 0%
PATCH Monitor

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

RCE Command Injection
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy