Description
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then() callback preserves host identity. This allows the sandbox to interact with the host object directly, including performing identity checks using host-side WeakMap and mutating host object state from inside the sandbox. This behavior occurs because the Promise fulfillment wrapper uses ensureThis() instead of the stronger cross-realm conversion path (from() / proxy wrapping). If no prototype mapping is found, ensureThis() returns the original object. As a result, objects resolved by host Promises can cross the sandbox boundary without proper isolation. This vulnerability is fixed in 3.11.0.
Published: 2026-05-13
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the vm2 sandbox, allowing host object identity to be preserved when resolving host Promises that are exposed to the sandbox. This breach of isolation permits sandbox code to directly reference and manipulate host objects, including performing WeakMap identity checks and mutating host object state. Consequently, the sandbox can effectively escape its protected boundary, enabling an attacker to run arbitrary code or alter data on the host environment.

Affected Systems

The vm2 library from vendor patriksimek, version 3.10.x and earlier. The issue is fixed in 3.11.0; any deployment using a pre-3.11.0 release of vm2 on Node.js is vulnerable.

Risk and Exploitability

CVSS score 6.5 indicates moderate severity. EPSS score is unknown, making exploitation probability unclear. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires that the application expose to the sandbox a host Promise that resolves to a host object; if an application passes such a Promise to vm2, the sandbox can use the resolved object directly. The exploit does not need elevated privileges beyond the sandbox context, but its impact can affect the host process.

Generated by OpenCVE AI on May 13, 2026 at 19:47 UTC.

Remediation

No workaround is provided; the vendor fix is the vm2 3.11.0 release noted in the Description.

OpenCVE Recommended Actions

  • Upgrade vm2 to version 3.11.0 or later.
  • Ensure that Promises exposed to the sandbox resolve only to benign objects, or avoid passing host Promises to vm2.
  • Review code to remove any host Promise exposure to vm2; consider adding runtime checks.
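As an added example that is not vm2's own code and does not require vm2 to run: a host-side wrapper implementing the recommended action of letting sandbox-exposed Promises resolve only to benign values, together with the kind of host WeakMap identity check the Description mentions, performed here entirely on the host side. `hostRegistry`, `config`, `toSandboxSafe`, `exposePromise` and `identityCheck` are constructed names and sample data; the vm2 VM/NodeVM setup that would receive the wrapped Promise is omitted.

```javascript
'use strict';

// Added example, not vm2 project code. Host-side wrapper that lets a Promise
// exposed to sandbox code resolve only to a detached plain-data copy, so the
// sandbox's .then() callback never receives an object that carries host
// identity. `hostRegistry`, `config`, `toSandboxSafe`, `exposePromise` and
// `identityCheck` are constructed names; the vm2 VM setup is omitted so this
// runs without vm2 installed.

// A host-side WeakMap keyed by object identity: the kind of identity check the
// advisory says sandbox code can satisfy when the original object leaks through.
const hostRegistry = new WeakMap();

// Constructed sample host object that a host Promise might resolve to.
const config = { name: 'worker-1', retries: 3, tags: ['a', 'b'], nested: { debug: false } };
hostRegistry.set(config, 'privileged-config');

// Deep-copy plain data only (primitives, arrays, plain objects). Functions,
// class instances, Maps, Dates, Promises and other exotic objects are rejected
// so no host capability can ride along inside the copy. The prototype check
// is a host-realm check: it deliberately refuses objects from other realms.
function toSandboxSafe(value, depth = 0) {
  if (depth > 32) throw new TypeError('value too deeply nested');
  if (value === null) return null;
  const t = typeof value;
  if (t === 'string' || t === 'number' || t === 'boolean' || t === 'bigint' || t === 'undefined') {
    return value;
  }
  if (Array.isArray(value)) return value.map((v) => toSandboxSafe(v, depth + 1));
  if (t === 'object' && Object.getPrototypeOf(value) === Object.prototype) {
    const out = {};
    for (const key of Object.keys(value)) out[key] = toSandboxSafe(value[key], depth + 1);
    return out;
  }
  throw new TypeError(`refusing to expose a ${t} with a non-plain prototype to the sandbox`);
}

// Wrap a host Promise so that the value reaching the sandbox has been copied.
// Rejections pass through unchanged; a non-copyable value becomes a rejection.
function exposePromise(hostPromise) {
  return Promise.resolve(hostPromise).then((v) => toSandboxSafe(v));
}

// Synchronous view of what the copy changes: it fails the host WeakMap identity
// check and mutating it leaves host state untouched.
function identityCheck(original) {
  const copy = toSandboxSafe(original);
  copy.retries = 99;
  return {
    sameIdentity: copy === original,
    passesHostWeakMap: hostRegistry.has(copy),
    hostMutated: original.retries === 99,
  };
}

// Stand-alone run: the wrapped Promise delivers a copy, not `config` itself.
exposePromise(Promise.resolve(config)).then((delivered) => {
  console.log('same object as host config:', delivered === config);      // false
  console.log('passes host WeakMap check:', hostRegistry.has(delivered)); // false
  console.log('checks:', identityCheck(config));
});
```

Use `exposePromise(p)` in place of `p` wherever a host Promise is placed in the sandbox's globals or passed into sandbox code. On vm2 3.11.0 or later this is defence in depth alongside the upgrade, not a substitute for it; it costs one copy per resolution, which is why it rejects anything other than plain data instead of attempting to proxy host capabilities.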



Advisories
Source | ID | Title
Github GHSA | GHSA-mpf8-4hx2-7cjg | vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary
History

Thu, 14 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Vm2 Project; Vm2 Project vm2
CPEs | | cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*
Vendors & Products | | Vm2 Project; Vm2 Project vm2

Wed, 13 May 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Patriksimek; Patriksimek vm2
Vendors & Products | | Patriksimek; Patriksimek vm2

Wed, 13 May 2026 19:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then() callback preserves host identity. This allows the sandbox to interact with the host object directly, including performing identity checks using host-side WeakMap and mutating host object state from inside the sandbox. This behavior occurs because the Promise fulfillment wrapper uses ensureThis() instead of the stronger cross-realm conversion path (from() / proxy wrapping). If no prototype mapping is found, ensureThis() returns the original object. As a result, objects resolved by host Promises can cross the sandbox boundary without proper isolation. This vulnerability is fixed in 3.11.0.
Title | | vm2: sandbox boundary bypass via host Promise resolution preserving host object identity
Weaknesses | | CWE-693
References | |
Metrics | | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-13T18:20:55.192Z

Reserved: 2026-05-04T20:24:31.918Z

Link: CVE-2026-44000

Vulnrichment

Updated: 2026-05-13T18:19:06.220Z

NVD

Status : Analyzed

Published: 2026-05-13T18:16:16.590

Modified: 2026-05-14T15:35:36.290

Link: CVE-2026-44000

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T20:30:03Z

Weaknesses