CVE-2026-47135
published 2026-06-12CVE-2026-47135: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js…
PriorityP350high8.7CVSS 3.1
AVNACHPRNUINSCCHIHAN
EPSS
0.27%
18.2th percentile
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them to host objects, and control host-side behavior — verified with a full util.promisify hijack chain. This issue has been patched in version 3.11.4.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | < 3.11.4 | 3.11.4 |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | >= 0 < 3.11.4 | 3.11.4 |
CVSS provenance
nvdv3.18.7HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
vendor_redhat8.7HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
patriksimek vm2 up to 3.11.3 protection mechanism (EUVD-2026-36442)
vuldb·2026-06-14·CVSS 8.7
CVE-2026-47135 [HIGH] patriksimek vm2 up to 3.11.3 protection mechanism (EUVD-2026-36442)
A vulnerability has been found in patriksimek vm2 up to 3.11.3 and classified as problematic. The impacted element is an unknown function. This manipulation causes protection mechanism failure.
This vulnerability is tracked as CVE-2026-47135. The attack is possible to be carried out remotely. No exploit exists.
The affected component should be upgraded.
GHSA
vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
ghsa·2026-05-29
CVE-2026-47135 [HIGH] CWE-693 vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
## Summary
vm2 3.11.2 `Symbol.for` override in `setup-sandbox.js` only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's `set`/`defineProperty`/`deleteProperty` traps having **no** `isDangerousCrossRealmSymbol` key check, sandbox code can obtain real cross-realm symbols, write them to host objects, and control host-side behavior — verified with a full `util.promisify` hijack chain.
## Root Cause
**1. Incomplete `Symbol.for` override** (`setup-sandbox.js:132-142`):
```js
Symbol.for = function (key) {
const keyStr = '' + key;
if (keyStr === 'nodejs.util.inspect.custom') return blockedSymbolCustomInspect;
if (keyStr === 'nodejs.rejection') return
Red Hat
vm2: vm2: Sandbox escape allows arbitrary code execution on the host system
vendor_redhat·2026-06-12·CVSS 8.7
CVE-2026-47135 [HIGH] CWE-1100 vm2: vm2: Sandbox escape allows arbitrary code execution on the host system
vm2: vm2: Sandbox escape allows arbitrary code execution on the host system
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them to host objects, and control host-side behavior — verified with a full util.promisify hijack chain. This issue has been patched in version 3.11.4.
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. An attacker within the sandbox could exploit incomplete symbol interception and missing security checks to gain control over the host system. T
No detection rules found.
No public exploits indexed.
2026-06-12
Published