Description
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0.
Published: 2026-05-13
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can exploit a flaw in vm2, an open-source sandbox for Node.js, that allows code running in a NodeVM instance to bypass the builtin allowlist when the 'module' builtin is permitted. In such a configuration, the module builtin exposes Node's own Module._load() function, which loads any module by name in the host process. The attacker can therefore import excluded builtins such as child_process and achieve remote code execution. The root cause is classified as CWE-863 (incorrect authorization): the allowlist mechanism fails to enforce the access control it is meant to provide.

Affected Systems

The vulnerability affects the vm2 package from patriksimek. Any version prior to 3.11.0 is susceptible whenever the allowlist permits the module builtin, whether explicitly or through the '*' wildcard. Users who rely on vm2's builtin restrictions for sandboxing should verify the installed version and the allowlist contents.

Risk and Exploitability

The CVSS score of 9.9 indicates critical severity. EPSS is not available, and the vulnerability is not listed in CISA's KEV catalog, which suggests no known widespread exploitation yet. Even so, the exposure is limited to applications that instantiate NodeVM with the module builtin allowed, and in those the attacker can run arbitrary Node code with the host process's privileges.

Generated by OpenCVE AI on May 13, 2026 at 19:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade vm2 to version 3.11.0 or newer to remove the Module._load bypass and restore proper allowlist enforcement.
  • If an immediate upgrade is not possible, remove the 'module' builtin from the NodeVM allowlist or replace it with a custom wrapper that does not expose Module._load, thereby limiting the sandbox’s ability to load disallowed modules.
  • Reconfigure the sandbox to explicitly deny dangerous builtins such as child_process, fs, net, and other host-affecting modules, and consider adding additional runtime checks or a stricter allowlist to prevent accidental exposure of the host environment.

Generated by OpenCVE AI on May 13, 2026 at 19:48 UTC.


Advisories
Source: GitHub GHSA
ID: GHSA-947f-4v7f-x2v8
Title: vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape
History

Thu, 14 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Vm2 Project; Vm2 Project vm2
CPEs | | cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*
Vendors & Products | | Vm2 Project; Vm2 Project vm2

Wed, 13 May 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Patriksimek; Patriksimek vm2
Vendors & Products | | Patriksimek; Patriksimek vm2

Wed, 13 May 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0.
Title | | vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox escape
Weaknesses | | CWE-863
References | |
Metrics | | cvssV3_1 {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T03:55:54.967Z

Reserved: 2026-05-04T20:24:31.917Z

Link: CVE-2026-43999

Vulnrichment

Updated: 2026-05-14T15:35:08.357Z

NVD

Status : Modified

Published: 2026-05-13T18:16:16.450

Modified: 2026-05-14T16:16:23.190

Link: CVE-2026-43999

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T20:00:04Z

Weaknesses