Description
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach host-side execution primitives. This allows sandboxed code to bypass the intended builtin restrictions and execute code in the host process. This issue has been patched in version 3.11.4.
Published: 2026-06-12
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a denylist bypass in the NodeVM builtin handling of the vm2 sandbox. The denylist, which is meant to block dangerous Node.js builtins, omits the process object and the inspector/promises namespace. Code executed inside the sandbox can therefore obtain references to these host-side objects and use them to run arbitrary code with the privileges of the host process. This amounts to a full remote code execution flaw, categorized as CWE-693.

Affected Systems

The vulnerability affects the patriksimek:vm2 library for Node.js. Any installation of vm2 earlier than version 3.11.4 is susceptible. The patch was applied in the 3.11.4 release. Systems that embed vm2 to isolate untrusted JavaScript or other scripting languages are at risk if they are running these older versions.

Risk and Exploitability

The CVSS score of 10 indicates extremely high severity. The EPSS score of less than 1% reflects a low but present probability of exploitation at the time of this assessment, and the issue is not listed in the CISA KEV catalog. Exploitation likely requires the ability to inject or run sandboxed code; an attacker who can do so could craft a payload that accesses the process or inspector/promises objects to escape the sandbox and execute host-side code. Because the denylist bypass is a logic flaw rather than a misconfiguration, any code supplied to NodeVM can potentially trigger it.

Generated by OpenCVE AI on June 12, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade vm2 to version 3.11.4 or later
  • Confirm that the NodeVM denylist now excludes process and inspector/promises before accepting new sandboxed code
  • Audit all code paths that provide untrusted input to NodeVM and remove or harden any that rely on sandboxed execution



Advisories

Source: GitHub GHSA
ID: GHSA-rp36-8xq3-r6c4
Title: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
History

Fri, 12 Jun 2026 17:30:00 +0000

  Type: Metrics
  Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 12 Jun 2026 16:15:00 +0000

  Type: First Time appeared
  Values Added: Patriksimek; Patriksimek vm2

  Type: Vendors & Products
  Values Added: Patriksimek; Patriksimek vm2

Fri, 12 Jun 2026 14:30:00 +0000

  Type: Description
  Values Added: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach host-side execution primitives. This allows sandboxed code to bypass the intended builtin restrictions and execute code in the host process. This issue has been patched in version 3.11.4.

  Type: Title
  Values Added: vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution

  Type: Weaknesses
  Values Added: CWE-693

  Type: References
  Values Added: (none listed)

  Type: Metrics
  Values Added: cvssV3_1 {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-13T03:55:57.896Z

Reserved: 2026-05-18T19:50:18.696Z

Link: CVE-2026-47140

Vulnrichment

Updated: 2026-06-12T16:39:00.826Z

NVD

Status: Deferred

Published: 2026-06-12T15:16:28.400

Modified: 2026-06-12T17:16:23.830

Link: CVE-2026-47140

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T16:00:20Z

Weaknesses
  • CWE-693: Protection Mechanism Failure