CVE-2026-43998
Published 2026-05-13
Priority: P2, 62, high, 8.5 (CVSS 3.1)
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.72% (49.3th percentile)
vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerability is fixed in 3.11.0.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | — | — |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | — | — |
| vm2_project | vm2 | >= 3.10.5 < 3.11.0 | 3.11.0 |
Detection & IOCs (extracted from sources)
- Sandboxed code attempts to load modules via symlinks that resolve outside the require.root directory — monitor for Node.js require() calls resolving to paths outside the configured root in vm2 NodeVM instances
- Detect discrepancy between path.resolve() output and the real (symlink-dereferenced) path of required modules in vm2 NodeVM — a mismatch indicates potential exploitation of this bypass
- Flag vm2 version 3.10.5 in software inventory as vulnerable; any deployment running this version with NodeVM and require.root restrictions is exploitable for RCE
- Audit require.root directories for symlinks pointing outside the allowed path — presence of such symlinks is a prerequisite for exploitation
- Treat low-privilege users who can execute code inside a NodeVM with require restrictions as a potential RCE threat vector when vm2 < 3.11.0 is in use
- Vulnerable version is exactly 3.10.5; the fix is present in 3.11.0 — version checks should target vm2 < 3.11.0
- Exploitation requires the attacker to be able to place or access symlinks within the require.root directory; environments where the filesystem is read-only or symlinks are disallowed reduce exploitability
- Red Hat packages rhdh/rhdh-hub-rhel9 and ansible-automation-platform/automation-portal are listed as under investigation — detection coverage for those products is not yet confirmed
- The vulnerability is scoped to NodeVM with require.root restrictions; vm2 deployments that do not use require.root or do not expose require to sandboxed code are not affected by this specific bypass
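Added example (not code from the advisory or from vm2): a Node.js audit covering the two checks listed above. It flags symlinks under a require.root directory whose real target lies outside it, and it shows the path.resolve() versus realpath mismatch for a requested module. The function names and the temporary sample tree are constructed for illustration.

```javascript
// Added example, not vm2 code: audit a require.root tree for escaping symlinks.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// True when `target` is `root` itself or lies beneath it (both absolute).
function isInside(root, target) {
  const rel = path.relative(root, target);
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Compare the lexical answer (path.resolve) with the dereferenced one (realpath).
function checkModulePath(root, request) {
  const realRoot = fs.realpathSync(root);
  const lexical = path.resolve(realRoot, request);
  const real = fs.realpathSync(lexical);
  return { lexicalInside: isInside(realRoot, lexical), realInside: isInside(realRoot, real) };
}

// Walk `root` without following links; report symlinks whose real target is outside it.
function findEscapingSymlinks(root) {
  const realRoot = fs.realpathSync(root);
  const findings = [];
  const stack = [realRoot];
  while (stack.length > 0) {
    const dir = stack.pop();
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const link = path.join(dir, entry.name);
      if (entry.isDirectory()) { stack.push(link); continue; }
      if (!entry.isSymbolicLink()) continue;
      let real = null; // stays null for a dangling link
      try { real = fs.realpathSync(link); } catch (err) { /* target missing */ }
      if (real === null || !isInside(realRoot, real)) findings.push({ link, real });
    }
  }
  return findings;
}

// Constructed sample: root/ok.js, root/inner -> root/ok.js, root/out -> ../outside
function buildSampleTree() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'root-audit-')));
  const root = path.join(base, 'root');
  const outside = path.join(base, 'outside');
  for (const d of [root, outside]) fs.mkdirSync(d);
  fs.writeFileSync(path.join(root, 'ok.js'), 'module.exports = 1;\n');
  fs.writeFileSync(path.join(outside, 'host.js'), 'module.exports = 2;\n');
  fs.symlinkSync(path.join(root, 'ok.js'), path.join(root, 'inner'));
  fs.symlinkSync(outside, path.join(root, 'out'), 'dir');
  return { root, outside };
}
```

Running `findEscapingSymlinks()` against a deployed require.root directory returns one entry per link to review; a `real` of `null` marks a dangling link whose target could later be created outside the root.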
CVSS provenance
- nvd: v3.1, 8.5 HIGH, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
- vendor_redhat: 8.5 HIGH
VulDB
patriksimek vm2 3.10.5 path.resolve link following (GHSA-cp6g-6699-wx9c)
vuldb·2026-05-13·CVSS 8.5
CVE-2026-43998 [HIGH] patriksimek vm2 3.10.5 path.resolve link following (GHSA-cp6g-6699-wx9c)
A vulnerability classified as critical has been found in patriksimek vm2 3.10.5. This vulnerability affects the function path.resolve. Performing a manipulation results in link following.
This vulnerability was named CVE-2026-43998. The attack may be initiated remotely. There is no available exploit.
It is recommended to upgrade the affected component.
GHSA
vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
ghsa·2026-05-07
CVE-2026-43998 [HIGH] CWE-59 vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape
## Summary
NodeVM's `require.root` path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses `path.resolve()` (which does not dereference symlinks) but module loading uses Node's native `require()` (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution.
## Severity
**High** (CVSS 3.1: 8.5)
`CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H`
- **Attack Vector:** Network — sandboxed code is typically received from external sources (user-submitted scripts, plugin code)
- **Attack Complexity:** High — requires symlinks inside the allowed root
Red Hat
vm2: vm2: Remote code execution due to path restriction bypass via symlinks
vendor_redhat·2026-05-13·CVSS 8.5
CVE-2026-43998 [HIGH] CWE-59 vm2: vm2: Remote code execution due to path restriction bypass via symlinks
A flaw was found in vm2 3.10.5. NodeVM require.root path checks use path.resolve() without dereferencing symlinks, while Node require() follows symlinks, allowing sandboxed code to load host modules outside the allowed
No detection rules found.
No public exploits indexed.
- https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c
- https://access.redhat.com/security/cve/CVE-2026-43998
- https://bugzilla.redhat.com/show_bug.cgi?id=2477206
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43998.json