Critical vm2 Node.js Library Flaws Allow Arbitrary Code Execution
Key Takeaways Eleven critical vulnerabilities have been discovered in the vm2 Node.js library, threatening applications that rely on it for secure code execution. These flaws allow attackers to...
Key Takeaways
- Eleven critical vulnerabilities have been discovered in the vm2 Node.js library, threatening applications that rely on it for secure code execution.
- These flaws allow attackers to escape the vm2 sandbox and achieve arbitrary code execution on the host system.
- The vulnerabilities affect all vm2 versions up to 3.11.1.
- While most issues have patches available in vm2 version 3.11.0 or 3.11.1, two critical vulnerabilities (CVE-2026-44008 and CVE-2026-44009) remain unpatched.
- The disclosures fundamentally undermine vm2’s security model, suggesting its JavaScript-only isolation is insufficient for high-security environments.
A series of eleven critical vulnerabilities have been uncovered in the vm2 Node.js library, jeopardizing countless applications designed to safely execute untrusted JavaScript code. These newly disclosed flaws allow malicious code to break out of its isolated environment and execute commands directly on the host system, compromising the integrity of the underlying infrastructure.
Table Of Content
The vm2 package is a widely adopted Node.js npm library, engineered to run untrusted JavaScript within a secure, isolated container. It serves as a foundational component for various critical systems, including online code execution platforms, continuous integration (CI) pipelines, plugin architectures, and multi-tenant cloud services. The library’s core security promise—to contain malicious code and protect the host—has been severely compromised by these recent findings.
Researchers have demonstrated eleven distinct techniques to bypass vm2’s sandbox, revealing significant weaknesses in its isolation model. Each of these vulnerabilities facilitates full remote code execution (RCE) on the host system, directly contradicting the library’s fundamental security guarantee.
Detailed Analysis of vm2 Vulnerabilities
The identified vulnerabilities exploit various mechanisms within Node.js and vm2 itself, demonstrating a broad attack surface.
Critical Sandbox Escapes
- CVE-2026-24118 leverages specific behaviors of
__lookupGetter__to achieve a sandbox escape. - CVE-2026-24120 bypasses Promise species protections, enabling command execution via
child_process.execSync. - CVE-2026-24781 exploits Node.js’s
utilmodule by abusing itsinspectinternals to expose raw host objects, thereby bypassing vm2’s proxy-based isolation.
Exploiting Newer JavaScript Features
Modern JavaScript features also introduced new attack vectors:
- CVE-2026-26332 exploits
DisposableStackandSuppressedErrormechanics, specifically in Node.js v24, to expose the host’sFunctionobject. - CVE-2026-26956 targets Node.js v25, utilizing a WebAssembly
try_tableinstruction to completely bypass vm2’s sanitization processes. Researchers successfully achieved root-level code execution using this method.
Prototype Chain and Module Loading Abuses
Additional vulnerabilities involve manipulating JavaScript prototype chains and module loading logic:
- CVE-2026-43997 and CVE-2026-44006 both exploit
util.inspectand prototype traversal techniques to escape the sandbox. - CVE-2026-43999 circumvents vm2’s internal module restrictions by abusing
Module._load(), even in scenarios wherechild_processis explicitly blocked. - CVE-2026-44005 enables prototype pollution, allowing attackers to modify shared host prototypes like
Object.prototypeandFunction.prototype, which could impact the entire Node.js process.
Configuration Flaws
A significant configuration vulnerability, tracked as GHSA-8hg8-63c5-gwmx, highlighted that enabling nesting: true effectively neutralizes the require: false security control. This allows sandboxed code to create unrestricted inner VMs, leading to full RCE despite explicit security restrictions.
Unpatched Critical Vulnerabilities
Of particular concern are two critical vulnerabilities, CVE-2026-44008 and CVE-2026-44009, which remain unpatched across all vm2 versions up to 3.11.1. These flaws exploit how array species are handled and specific exception logic to expose host-side objects and regain unrestricted access to the host’s Function constructor.
The table below summarizes the identified vulnerabilities, their affected versions, and the patched versions where applicable:
| CVE ID | Affected Versions | Patched Version |
|---|---|---|
| CVE-2026-24118 | ≤ 3.10.4 | 3.11.0 |
| CVE-2026-24120 | ≤ 3.10.3 | 3.10.5 |
| CVE-2026-24781 | ≤ 3.10.3 | 3.11.0 |
| CVE-2026-26332 | ≤ 3.10.4 | 3.11.0 |
| CVE-2026-26956 | 3.10.4 | 3.10.5 |
| CVE-2026-43997 | ≤ 3.10.5 | 3.11.0 |
| CVE-2026-43999 | 3.10.5 | 3.11.0 |
| CVE-2026-44005 | 3.9.6–3.10.5 | 3.11.0 |
| CVE-2026-44006 | ≤ 3.10.5 | 3.11.0 |
| CVE-2026-44008 | ≤ 3.11.1 | No patch available |
| CVE-2026-44009 | ≤ 3.11.1 | No patch available |
| — | ≤ 3.11.0 | 3.11.1 |
According to reports published by patriksimek on GitHub, these eleven vulnerabilities collectively expose deep-seated weaknesses in vm2’s sandbox security model, posing substantial risks to applications designed to execute untrusted code.
What You Should Do
- Upgrade Immediately: All users of vm2 should upgrade their installations to version 3.11.1 without delay to address all currently patched vulnerabilities.
- Mitigate Unpatched Flaws: For the unpatched vulnerabilities CVE-2026-44008 and CVE-2026-44009, organizations should seriously consider discontinuing the use of vm2-based sandboxing entirely. Instead, explore robust kernel-level isolation technologies such as Docker, gVisor, or Firecracker microVMs.
- Review Configuration: Developers must strictly avoid using the
nesting: trueoption and wildcard built-in configurations, such as['*', '-child_process'], in any environment where untrusted code is executed. - Re-evaluate Security Model: Given the extensive range and sophistication of these bypass techniques—encompassing JavaScript prototype manipulation, WebAssembly exception handling, Promise species overwriting, and module loading abuses—vm2’s JavaScript-only isolation model should be considered fundamentally inadequate for high-security applications or environments handling truly untrusted code.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.