CVE-2026-43998 - Vulnerability Details

- vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape

Description

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerability is fixed in 3.11.0.

Published: 2026-05-13

Score: 8.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

vm2’s NodeVM implementation enforces a require.root limit to confine module loading, but the check uses path.resolve() which does not dereference symlinks. A malicious user can therefore create a symlink that points outside the intended root, tricking the Node.js require system into loading host modules. This bypass leads to remote code execution and is formally classified under CWE-59, Path Traversal.

Affected Systems

The vulnerability applies to the open‑source sandbox library vm2 from patriksimek. Versions up to and including 3.10.5 are affected. The fix is bundled in release 3.11.0 and later.

Risk and Exploitability

The CVSS score of 8.5 indicates a high risk, and while the EPSS score is not available, the lack of a KEV listing does not diminish the threat. An attacker executing code inside the sandbox can exploit the symlink bypass to load arbitrary modules from the host environment, effectively achieving remote code execution. The attack requires access to the sandbox’s require.api; no network component is involved, so it is a local privilege escalation within the context of the running process.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

patriksimek

vm2

affected

Version	Status	Constraints
`3.10.5`	affected	—

Configuration 1 [-]

cpe:2.3:a:vm2_project:vm2:3.10.5:*:*:*:*:node.js:*:*

No data.

Vendor Product Confidence Versions

Patriksimek

Vm2

100%

Version	Status	Scheme	Platform
`3.10.5`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade vm2 to version 3.11.0 or later, which removes the symlink bypass.
If an upgrade is temporarily infeasible, reconfigure NodeVM to use a restrictive require.root that points to an isolated directory and disable or remove any symlinked paths that could be leveraged to escape.
Ensure the host filesystem restricts symlink creation from the sandbox or places the sandbox in a directory where symlink permissions are tightly controlled to prevent external module loading.

Generated by OpenCVE AI on May 13, 2026 at 19:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-cp6g-6699-wx9c	vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00284.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c

History

Thu, 14 May 2026 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Vm2 Project Vm2 Project vm2
CPEs		cpe:2.3:a:vm2_project:vm2:3.10.5:::::node.js::
Vendors & Products		Vm2 Project Vm2 Project vm2

Wed, 13 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Patriksimek Patriksimek vm2
Vendors & Products		Patriksimek Patriksimek vm2

Wed, 13 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 13 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerability is fixed in 3.11.0.
Title		vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape
Weaknesses		CWE-59
References		https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c
Metrics		cvssV3_1 `{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Patriksimek Vm2

Vm2 Project Vm2

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-13T17:19:44.406Z

Updated: 2026-05-15T03:55:52.827Z

Reserved: 2026-05-04T20:24:31.917Z

Link: CVE-2026-43998

Vulnrichment

Updated: 2026-05-13T18:08:47.351Z

NVD

Status : Analyzed

Published: 2026-05-13T18:16:16.317

Modified: 2026-05-14T15:36:55.493

Link: CVE-2026-43998

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T20:00:04Z

Weaknesses

CWE-59

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object