Description
vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.
Published: 2026-05-04
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Code executed inside VM.run() can obtain a reference to the host process object and invoke arbitrary host commands with no cooperation from the host application; the linked GHSA advisory identifies the escape as WASM-based. This is a full escape from the intended sandbox: the attacker gains the privileges of the Node.js process, which can lead to compromise of the entire host system.

Affected Systems

The affected component is patriksimek's vm2 JavaScript sandbox library for Node.js. Version 3.10.4 is vulnerable; the issue is fixed in version 3.10.5. The description does not name a Node.js runtime version, but the GHSA title states the escape applies to Node 25 only, so the Node.js major version a deployment runs on determines its exposure.

Risk and Exploitability

The CVSS 3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), i.e. critical and exploitable over the network without privileges or user interaction. EPSS puts the exploitation probability below 1%, and the CVE is not on the KEV list, so in-the-wild exploitation has not been confirmed; note, however, that the SSVC record on this page marks Exploitation as "poc" and Automatable as "yes", meaning proof-of-concept code exists and the attack can be automated. The attack vector is an attacker supplying malicious JavaScript to VM.run(); that script obtains a host process handle and executes system commands with the privileges of the Node.js runtime.

Generated by OpenCVE AI on May 8, 2026 at 01:52 UTC.

Remediation

No workaround is listed. The vendor fix is vm2 version 3.10.5, as stated in the description and the linked GHSA advisory.

OpenCVE Recommended Actions

  • Update vm2 to version 3.10.5 or later to apply the vendor fix.
  • Check the Node.js major version of every deployment that bundles vm2: the GHSA title states the escape affects Node 25 only, so installations running vm2 3.10.4 on Node 25 should be upgraded first, while deployments on other Node versions should still be upgraded rather than assumed safe.
  • If an upgrade is not immediately feasible, remove or tightly restrict calls to VM.run() so that untrusted JavaScript cannot reach the sandbox; no configuration-level workaround is documented.
  • Review any remaining untrusted execution paths for least-privilege execution of the Node.js process itself (an unprivileged account, no access to credentials or file system paths the service does not need), since a sandbox escape grants the attacker exactly that process's privileges. The assigned weaknesses are CWE-693 (Protection Mechanism Failure) and CWE-653 (Improper Isolation or Compartmentalization): the sandbox boundary itself fails, so validating the untrusted script's contents is not a substitute for the upgrade.
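
As an added example (not code from the vm2 project or from this advisory), the check below walks an npm package-lock.json structure, reports every vm2 entry below the fixed 3.10.5 release, including nested copies under other packages' node_modules, and records whether the Node.js major version is the one the GHSA title names (25). Assumptions, labelled in the code: every version below 3.10.5 is treated as unpatched, which is conservative because the advisory explicitly names only 3.10.4; the lockfile shape is npm's lockfileVersion 2/3 "packages" map; and the sample lockfile is constructed for the demonstration.

```javascript
// Added example, not vm2 project code. Checks a package-lock.json object for
// vm2 versions below the fixed release named in CVE-2026-26956 and notes whether
// the Node.js major version matches the advisory title's "(Node 25 only)".

const FIXED_VM2_VERSION = '3.10.5';  // from the advisory: patched in 3.10.5
const AFFECTED_NODE_MAJOR = 25;      // from the GHSA title "(Node 25 only)"

// Parse "MAJOR.MINOR.PATCH[-prerelease]" (optional leading "v") into parts;
// returns null when the string is not a version at all.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Negative if a < b, 0 if equal, positive if a > b. A prerelease of X sorts
// below the X release, so "3.10.5-rc.1" is still treated as unpatched.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${!pa ? a : b}`);
  for (const k of ['major', 'minor', 'patch']) {
    if (pa[k] !== pb[k]) return pa[k] - pb[k];
  }
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

// Collect every vm2 entry from the lockfile v2/v3 "packages" map, including
// nested installs such as "node_modules/foo/node_modules/vm2".
function findVm2Entries(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/vm2' || path.endsWith('/node_modules/vm2')) {
      out.push({ path, version: meta.version });
    }
  }
  return out;
}

// Return one finding per vm2 entry below FIXED_VM2_VERSION. Assumption: anything
// below 3.10.5 is treated as unpatched (the advisory names only 3.10.4).
// nodeVersion defaults to the running runtime so the Node 25 condition is
// evaluated for the host performing the check.
function assessLockfile(lock, nodeVersion = process.versions.node) {
  const nodeMajor = parseSemver(nodeVersion).major;
  return findVm2Entries(lock)
    .filter(e => compareSemver(e.version, FIXED_VM2_VERSION) < 0)
    .map(e => ({
      path: e.path,
      version: e.version,
      fixedIn: FIXED_VM2_VERSION,
      // true only on the Node major the advisory names; other majors still need the upgrade
      nodeMatchesAdvisory: nodeMajor === AFFECTED_NODE_MAJOR,
    }));
}

// Constructed sample lockfile (not a real project): a direct vm2 at the
// vulnerable version plus a nested copy that is already on the fixed version.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', dependencies: { vm2: '3.10.4' } },
    'node_modules/vm2': { version: '3.10.4' },
    'node_modules/some-plugin': { version: '1.2.0' },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.10.5' },
  },
};

// Usage: on the sample this reports exactly the direct node_modules/vm2 entry.
console.log(JSON.stringify(assessLockfile(SAMPLE_LOCK), null, 2));
```

To run it against a real project, replace SAMPLE_LOCK with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')). An empty findings array means no vm2 below 3.10.5 appears in that lockfile; it says nothing about vm2 copies installed outside it (globally, or vendored), and a non-empty array on a runtime other than Node 25 is still a reason to upgrade.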

Advisories
Source: GitHub GHSA
ID: GHSA-ffh4-j6h5-pg66
Title: VM2 Has a WASM Sandbox Escape (Node 25 only)
History

Fri, 08 May 2026 19:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Vm2 Project; Vm2 Project vm2
CPEs | | cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*
Vendors & Products | | Vm2 Project; Vm2 Project vm2

Fri, 08 May 2026 00:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-653
References | |
Metrics | threat_severity: None | threat_severity: Critical


Tue, 05 May 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 May 2026 19:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Patriksimek; Patriksimek vm2
Vendors & Products | | Patriksimek; Patriksimek vm2

Mon, 04 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Description | | vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.
Title | | vm2: WASM Sandbox Escape (Node 25 only)
Weaknesses | | CWE-693
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-05T13:10:04.497Z

Reserved: 2026-02-16T22:20:28.611Z

Link: CVE-2026-26956

Vulnrichment

Updated: 2026-05-05T13:09:47.871Z

NVD

Status : Analyzed

Published: 2026-05-04T17:16:22.553

Modified: 2026-05-08T19:15:17.833

Link: CVE-2026-26956

Redhat

Severity : Critical

Public Date: 2026-05-04T16:37:31Z

Links: CVE-2026-26956 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T02:00:06Z

Weaknesses