
vm2 EUVD-2026-30086

CVE-2026-45411 CRITICAL
Exposure of Resource to Wrong Sphere (CWE-668)
2026-05-13 GitHub_M GHSA-248r-7h7q-cr24
9.8
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Red Hat
9.8 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Source Code Evidence Fetched: Jun 08, 2026 - 08:26 (vuln.today)
Analysis Generated: Jun 08, 2026 - 08:26 (vuln.today)
Patch available: May 13, 2026 - 19:17 (EUVD)

Blast Radius

Ecosystem impact (transitive dependency graph; vuln.today resolves dependency paths to a depth of 4):
  • 22 npm packages depend on vm2 (5 direct, 17 indirect)

Ecosystem-wide dependent count for version 3.11.3.

Description (GitHub Advisory)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed via its return function, the returned value is awaited, and an exception thrown from its then call is caught by the runtime and passed to the yield* iterator as the next value. This allows attackers to write code that escapes the VM2 sandbox and executes arbitrary commands on the host system. This vulnerability is fixed in 3.11.3.

Analysis (AI-generated)

Sandbox escape in vm2 (patriksimek/vm2) versions prior to 3.11.3 enables remote code execution on the host Node.js process by abusing async generator yield* semantics to smuggle a host-realm exception into sandbox code, where the attacker pivots through .constructor.constructor to reach process and child_process.execSync. The flaw is exploitable by any attacker who can run JavaScript inside the sandbox, has publicly available exploit code, and carries SSVC technical impact 'total' with automatable=yes, though EPSS remains low at 0.05% (17th percentile) and the CVE is not listed in CISA KEV.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Submit JavaScript to vm2-backed endpoint
Delivery: Define async generator with yield* to no-return iterator
Exploit: Call i.return(thenable) with throwing .then under deep recursion
Install: V8 PromiseResolveThenableJob captures host-realm RangeError
C2: Pivot via e.constructor.constructor('return process')()
Execute: Invoke child_process.execSync for RCE
Impact: Execute arbitrary commands as Node.js host user

Vulnerability Assessment (AI-generated)

Exploitation: Exploitation requires that the target application (a) embeds vm2 at version <= 3.11.2 and (b) evaluates attacker-controlled JavaScript inside a `new VM().run(...)` (or equivalent `NodeVM`) sandbox, i.e. the application's threat model already trusts vm2 to contain hostile code. …
Risk Assessment: Signals diverge: CVSS 9.8 (AV:N/AC:L/PR:N/UI:N/C:H/I:H/A:H) and SSVC (exploitation=poc, automatable=yes, technical impact=total) both rate this critical, and a working PoC is published on GitHub Gist, yet EPSS is only 0.05% (17th percentile) and the CVE is not in CISA KEV. …
Exploit Scenario: A SaaS application that uses vm2 to evaluate user-supplied JavaScript (e.g., custom transform rules, formula fields, plugin code, or a code-execution playground) accepts a payload that defines an async generator delegating via `yield*` to an iterator without a `return` method, then calls `i.return(thenable)` while triggering deep recursion to provoke a host-realm `RangeError`; the attacker uses binary search to locate the precise depth and pivots through `e.constructor.constructor('return process')()` to obtain Node's `process` and call `child_process.execSync` for arbitrary command execution. A complete working PoC is published in the GHSA advisory and as a GitHub Gist, so weaponisation effort is minimal.
Remediation: Vendor-released patch: vm2 3.11.3. Upgrade immediately via `npm install vm2@3.11.3` or an equivalent lockfile update, per the GHSA-248r-7h7q-cr24 advisory (https://github.com/patriksimek/vm2/security/advisories/GHSA-248r-7h7q-cr24) and the fix commit 093494c0c3ef2390d2e56909f9d56e290e6f18b0. …

Recommended Action (AI-generated)

Within 24 hours: Inventory all applications and dependencies using vm2 (npm audit, SCA tools, package.json review across development and production environments). …
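The inventory step above can be automated against an npm lockfile. The script below is an added example (not part of the advisory or the vm2 project): it walks a package-lock.json `packages` map, finds every direct and nested copy of vm2, and flags versions below the fixed 3.11.3 release. The embedded lockfile is constructed for illustration and the `sandbox-runner` package in it is hypothetical.

```javascript
const FIXED_VERSION = "3.11.3"; // first fixed vm2 release per the advisory

// Compare two dotted version strings numerically; returns -1, 0 or 1.
// Pre-release tags are stripped, which is sufficient for vm2's release scheme.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Walk the lockfile "packages" map (lockfileVersion 2/3). Keys look like
// "node_modules/vm2" (direct) or "node_modules/lib/node_modules/vm2" (nested copy
// pulled in transitively), so nested copies are found without resolving the graph.
function findVulnerableVm2(lockfile) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!path.endsWith("node_modules/vm2") || !meta.version) continue;
    const vulnerable = compareVersions(meta.version, FIXED_VERSION) < 0;
    findings.push({ path, version: meta.version, vulnerable,
                    transitive: path.split("node_modules/").length > 2 });
  }
  return findings;
}

// Constructed sample lockfile: the app pins the fixed release directly, but a
// hypothetical "sandbox-runner" dependency still bundles a vulnerable 3.11.2 copy.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { vm2: "^3.11.3", "sandbox-runner": "^1.0.0" } },
    "node_modules/vm2": { version: "3.11.3" },
    "node_modules/sandbox-runner": { version: "1.0.0", dependencies: { vm2: "3.11.2" } },
    "node_modules/sandbox-runner/node_modules/vm2": { version: "3.11.2" },
  },
};

function main() {
  for (const f of findVulnerableVm2(SAMPLE_LOCKFILE)) {
    const tag = f.vulnerable ? "VULNERABLE" : "ok";
    console.log(`${tag}\t${f.path}\t${f.version}${f.transitive ? " (transitive)" : ""}`);
  }
}
main();
```

To run it against a real project, replace SAMPLE_LOCKFILE with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; any finding marked transitive means the upgrade has to happen in the dependent package (or via an override), not just in your own package.json.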


Vendor Status


EUVD-2026-30086 vulnerability details – vuln.today
