CVE-2026-45411
published 2026-05-13
CVE-2026-45411: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator…
Priority: P2 62 · critical · 9.8 · CVSS 3.1
EPSS: 0.57% (42.8th percentile)
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async generator. When the generator is closed using the return function, the value is awaited on and exceptions thrown in the then call will be caught by the runtime and passed to the yield* iterator as the next value. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This vulnerability is fixed in 3.11.3.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | < 3.11.3 | 3.11.3 |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | < 3.11.3 | 3.11.3 |
| vm2_project | vm2 | >= 0 < 3.11.3 | 3.11.3 |
Detection & IOCs (extracted from sources)
- Sandbox escape via yield* expression inside an async generator: monitor for sandboxed code using yield* within async generators, particularly when the generator is closed via the return() function, as this is the specific attack vector for CVE-2026-45411.
- Target environment: vm2 versions prior to 3.11.3 running on Node.js. Flag any deployment of vm2 < 3.11.3 as vulnerable to arbitrary host command execution via sandbox escape.
- Unauthenticated remote exploitation possible: any endpoint accepting user-supplied code executed within a vm2 sandbox is an attack surface; alert on remote unauthenticated code submission to vm2-backed services.
- Red Hat Developer Hub (rhdh/rhdh-hub-rhel9) is listed as under investigation for this CVE; patch status not yet confirmed.
- Ansible Automation Platform self-service portal (ansible-automation-platform/automation-portal) is listed as under investigation for this CVE; patch status not yet confirmed.
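The second bullet above calls for flagging any deployment of vm2 below 3.11.3. The following is an added example (not code from the advisory or the vm2 project) that scans an npm lockfile's `packages` map for every installed copy of vm2, including nested transitive copies, and compares versions segment by segment so that 3.9.x is correctly ranked below 3.11.3; the sample lockfile and the dependency name `some-dep` are constructed for the example.

```javascript
const FIXED_VERSION = "3.11.3"; // from the advisory: vm2 >= 3.11.3 is patched

// Parse "MAJOR.MINOR.PATCH[-prerelease]" into numeric parts. A prerelease
// suffix is ignored here, so "3.11.3-beta" counts as 3.11.3.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric per-segment compare (-1, 0, 1); a plain string compare would
// wrongly rank "3.9.19" above "3.11.3".
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerableVm2(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Walk the lockfile's "packages" map (lockfileVersion 2/3). Nested installs
// live under paths like "node_modules/foo/node_modules/vm2", so match on the
// path's last segment rather than only the top-level entry.
function findVulnerableVm2(lockfile) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!path.endsWith("node_modules/vm2") || !meta.version) continue;
    if (isVulnerableVm2(meta.version)) findings.push({ path, version: meta.version });
  }
  return findings;
}

// Constructed sample lockfile (not a real project): a patched top-level vm2
// plus an old transitive copy under a hypothetical dependency "some-dep".
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.11.3" },
    "node_modules/some-dep": { version: "2.0.0" },
    "node_modules/some-dep/node_modules/vm2": { version: "3.9.19" },
  },
};

console.log(findVulnerableVm2(SAMPLE_LOCKFILE));
```

On a real project, replace `SAMPLE_LOCKFILE` with `JSON.parse(fs.readFileSync("package-lock.json"))`; a non-empty result means a vulnerable copy is reachable even if the top-level vm2 is patched.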
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| ghsa | 8.6 | HIGH | — |
| vendor_redhat | 9.8 | CRITICAL | — |
GHSA · 2026-05-21 · CVSS 8.6
CVE-2026-46638 [HIGH] CWE-693 Twig: `{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
### Description
The fix for CVE-2024-45411 / GHSA-6j75-5wfj-gh66 added an explicit `$loaded->unwrap()->checkSecurity()` call in `CoreExtension::include()` so that a template already cached in `Environment::$loadedTemplates` is re-checked when included with `sandboxed = true`.
The deprecated but still functional `{% sandbox %}{% include ... %}{% endsandbox %}` tag path was not updated: it compiles to `enableSandbox(); yield from $this->load(...)->unwrap()->yield(...); disableSandbox();` with no `checkSecurity()` re-invocation. If the included template was loaded once outside the sandbox in the same `Environment` instance, its constructor (and therefore its compiled `checkSecur
GHSA · 2026-05-14
CVE-2026-45411 [CRITICAL] CWE-668 vm2 Has a Sandbox Breakout Using Async Generator
### Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.
### Details
It is possible to catch a host exception using the `yield*` expression inside an async generator. When the generator is closed using the `return` function, the value is awaited on and exceptions thrown in the `then` call will be caught by the runtime and passed to the `yield*` iterator as the next value.
### PoC
```js
const {VM} = require("vm2");
const vm = new VM();
console.log(vm.run(`
class E extends Error {}
function so(d) {
if (d > 0) so(d-1);
const e = new E();
e.stack;
throw e;
}
async function* helper() {
yield* {
[Symbol.asyncIte
```
VulDB · 2026-05-13 · CVSS 9.8
CVE-2026-45411 [CRITICAL] patriksimek vm2 up to 3.11.2 exposure of resource (GHSA-248r-7h7q-cr24)
A vulnerability, which was classified as critical, has been found in patriksimek vm2 up to 3.11.2. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in exposure of resource.
This vulnerability was named CVE-2026-45411. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
Red Hat (vendor_redhat) · 2026-05-13 · CVSS 9.8
CVE-2026-45411 [CRITICAL] CWE-237 vm2: Arbitrary Code Execution due to sandbox escape vulnerability
A flaw was found in vm2 (before 3.11.3). Host exceptions can be caught from sandbox code using yield* inside an async generator; closing the generator with return() awaits the value and passes host exce
No detection rules found.
No public exploits indexed.
References
- https://github.com/patriksimek/vm2/security/advisories/GHSA-248r-7h7q-cr24
- https://access.redhat.com/security/cve/CVE-2026-45411
- https://bugzilla.redhat.com/show_bug.cgi?id=2477210
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45411.json
Published 2026-05-13