Description
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, async_hooks, and perf_hooks builtins are not blocked by the dangerous builtin denylist. These modules are process-wide, not sandbox-local. Sandboxed code can use them to observe host application data across the vm2 boundary. This issue has been patched in version 3.11.4.
Published: 2026-06-12
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises because NodeVM, when require.builtin permits them, exposes the process-wide observability modules diagnostics_channel, async_hooks and perf_hooks, and vm2's dangerous-builtin denylist does not block them. Because these modules are process-wide rather than sandbox-local, code inside the sandbox can subscribe to the host's diagnostics channels, hook the host's async resources, or read the host's performance entries. An attacker who controls or injects code into the sandbox could use them to observe or extract information from the host Node.js process, including application secrets, configuration, HTTP request data, or runtime diagnostics. The weakness is classified as CWE-668 (Exposure of Resource to Wrong Sphere), reflecting information leakage across a sandbox boundary.

Affected Systems

The affected product is vm2, an open source VM/sandbox for Node.js, maintained by patriksimek. Versions before 3.11.4 are impacted. Version 3.11.4 and later include the necessary fix.

Risk and Exploitability

The CVSS 4.0 score of 6.9 (Medium) reflects a network-reachable flaw that needs no privileges or user interaction and has a low confidentiality impact with no integrity or availability impact; the EPSS score below 1% indicates a low but non-zero likelihood of exploitation. The vulnerability is not listed in CISA KEV, so no exploitation in the wild has been documented. The attack scenario is attacker-controlled code running inside a NodeVM instance, whether through code injection or a supply-chain compromise of the module being sandboxed. Exploitation requires a configuration whose require.builtin setting permits diagnostics_channel, async_hooks or perf_hooks; because vm2's dangerous-builtin denylist did not block them before 3.11.4, such a configuration lets sandboxed code observe host application data across the boundary.

Generated by OpenCVE AI on June 12, 2026 at 15:22 UTC.

Remediation

The advisory reports the issue as patched in vm2 3.11.4; no separate workaround is listed.

OpenCVE Recommended Actions

  • Update vm2 to version 3.11.4 or later to receive the patch
  • Restrict require.builtin to only necessary modules and explicitly deny diagnostics_channel, async_hooks, and perf_hooks
  • Validate and monitor any code that is executed inside NodeVM instances for malicious activity


Advisories
Source | ID | Title
GitHub GHSA | GHSA-9g8x-92q2-p28f | NodeVM observability builtins leak host process and HTTP request data
History

Fri, 12 Jun 2026 15:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Patriksimek; Patriksimek vm2
Vendors & Products | | Patriksimek; Patriksimek vm2

Fri, 12 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnostics_channel, async_hooks, and perf_hooks builtins are not blocked by the dangerous builtin denylist. These modules are process-wide, not sandbox-local. Sandboxed code can use them to observe host application data across the vm2 boundary. This issue has been patched in version 3.11.4.
Title | | vm2: NodeVM observability builtins leak host process and HTTP request data
Weaknesses | | CWE-668
References | |
Metrics | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-12T14:17:35.970Z

Reserved: 2026-05-18T19:50:18.696Z

Link: CVE-2026-47141

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-12T15:16:28.537

Modified: 2026-06-12T16:03:15.620

Link: CVE-2026-47141

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T15:30:31Z

Weaknesses
  • CWE-668

    Exposure of Resource to Wrong Sphere