Critical VM2 Sandbox Flaw in Node.js Vulnerability Library
A critical sandbox escape vulnerability impacts vm2, a widely adopted Node.js library. Developers rely on vm2 to provide secure sandbox isolation for executing untrusted code within their applications.
The flaw, tracked as CVE-2026-22709 (GHSA-99p7-6v5w-7xg8), affects all versions up to and including 3.10.0 and carries a CVSS v3.1 base score of 10.0, indicating maximum severity.
The vulnerability stems from incomplete callback sanitization in Promise prototype handling.
While the vm2 developers sanitized callbacks for localPromise.prototype.then, the sanitization does not apply to globalPromise.prototype.then.
Since async functions return global Promise objects rather than local ones, attackers can bypass sandbox restrictions and gain code execution privileges on the underlying host system.
VM2 Sandbox Vulnerability
The vulnerability exploits an asymmetry in callback sanitization across promise chains.
Researchers discovered that Promise.prototype.catch callbacks can be manipulated through error stack manipulation.
| CVE ID | Package | Affected Versions | CVSS Score | Vulnerability Type | Attack Vector |
|---|---|---|---|---|---|
| CVE-2026-22709 | vm2 (npm) | ≤ 3.10.0 | 10.0 | Sandbox Escape | Network |
By creating an error object with a symbolic name and triggering an async function, an attacker gains access to the Error constructor, which ultimately enables arbitrary code execution via the Function constructor.
The attack chain leverages this progression to instantiate a Function object with arbitrary payload code.
In proof-of-concept demonstrations, attackers have successfully executed system commands such as execSync() via access to the child_process module, completely circumventing the sandbox isolation layer.
VM2 maintainers released version 3.10.2, a patched version, to address the flaw.
This update properly sanitizes Promise callbacks across both local and global prototype chains, closing the sandbox escape vector.
Organizations using vm2 should immediately upgrade to version 3.10.2 or later.
The package co-founder, Patrik Šimek, published a GitHub advisory two days ago, showing active maintenance and a rapid response to the security issue.
Development teams relying on VM2 for code sandboxing should treat this as a critical priority.
Conduct immediate inventory assessments across development and production environments to identify affected deployments.
Deploy version 3.10.2 through your package management pipeline without delay, and validate that no production instances remain on vulnerable versions.
Until patching is complete, consider restricting VM2 execution contexts to trusted code only.