Description
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is `globalPromise` object. Version 3.10.2 fixes the issue.
Published: 2026-01-26
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Executing arbitrary code outside the vm2 sandbox
Action: Patch Immediately
AI Analysis

Impact

vm2 provides an isolated environment for executing JavaScript code within Node.js. In versions prior to 3.10.2, the library sanitizes the callback of local Promise objects but not that of the global Promise prototype. As a result, an attacker can craft a Promise chain that bypasses the sanitization routine, causing code to run outside the intended sandbox boundaries. This vulnerability is an instance of improper resource limitation, contextual integrity violation, and command injection as identified by Common Weakness Enumerations 693, 913, and 94 respectively. The escalation enables unrestricted execution of malicious payloads, potentially compromising confidentiality, integrity, and availability of the host system.

Affected Systems

Any installation of the patriksimek:vm2 project on Node.js that uses a version earlier than 3.10.2 is subject to this flaw. The vulnerability is tied specifically to the vm2 sandbox component and does not affect other parts of the Node.js runtime unless they incorporate the unpatched vm2 dependency.

Risk and Exploitability

The flaw carries a CVSS score of 9.8, indicating critical severity, while the EPSS suggests a very low, yet non-zero probability of exploitation (<1%). The vulnerability is not listed in the CISA KEV catalog. Exploitation would generally require an attacker to supply malicious JavaScript to a sandboxed environment, a scenario common in npm package execution or plugin systems. Once the unsanitized global Promise is invoked, the attacker gains control to execute arbitrary code on the host Node.js process.

Generated by OpenCVE AI on April 18, 2026 at 02:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure all dependencies use vm2 version 3.10.2 or later by updating the package through npm or yarn.
  • If an immediate upgrade is not feasible, audit the code paths that instantiate vm2 sandboxes and remove any usage of Promise chains or disable the Promise prototype within the sandbox configuration.
  • As a temporary containment, restrict the sandbox to trusted code only and monitor for anomalous Promise activity until a patch can be applied.

Generated by OpenCVE AI on April 18, 2026 at 02:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-99p7-6v5w-7xg8 vm2 has a Sandbox Escape
History

Tue, 17 Feb 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Vm2 Project
Vm2 Project vm2
CPEs cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*
Vendors & Products Vm2 Project
Vm2 Project vm2

Tue, 27 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Patriksimek
Patriksimek vm2
Vendors & Products Patriksimek
Patriksimek vm2

Mon, 26 Jan 2026 21:45:00 +0000

Type Values Removed Values Added
Description vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is `globalPromise` object. Version 3.10.2 fixes the issue.
Title vm2 has a Sandbox Escape
Weaknesses CWE-693
CWE-913
CWE-94
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Patriksimek Vm2
Vm2 Project Vm2
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-27T21:42:27.920Z

Reserved: 2026-01-08T19:23:09.857Z

Link: CVE-2026-22709

cve-icon Vulnrichment

Updated: 2026-01-27T21:42:24.536Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-26T22:15:55.890

Modified: 2026-02-17T20:59:29.590

Link: CVE-2026-22709

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T02:45:27Z

Weaknesses