CVE-2026-47140
Published 2026-06-12
Priority: P2 · 65 · Critical · 10 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 0.54% (41.1st percentile)
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach host-side execution primitives. This allows sandboxed code to bypass the intended builtin restrictions and execute code in the host process. This issue has been patched in version 3.11.4.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | < 3.11.4 | 3.11.4 |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | >= 0 < 3.11.4 | 3.11.4 |
Detection & IOCs (extracted from sources)
- Sandboxed code leveraging the `process` built-in (missing from the vm2 denylist) to reach host-side execution primitives should be flagged as a sandbox escape attempt.
- Sandboxed code leveraging `inspector/promises` (missing from the vm2 denylist) to reach host-side execution primitives should be flagged as a sandbox escape attempt.
- Monitor vm2 versions prior to 3.11.4 in Node.js environments; the vulnerable NodeVM sandbox does not block `process` or `inspector/promises`, enabling arbitrary code execution in the host process.
- Alert on user-supplied JavaScript being routed into a vm2 NodeVM sandbox instance, as this is the required exploitation condition for CVE-2026-47140.
- Red Hat Developer Hub (rhdh/rhdh-hub-rhel9) and Ansible Automation Platform carry vm2 as a transitive dependency but do not invoke the vulnerable sandbox in production code paths; exploitation risk is reduced but the package is still present.
- No Red Hat-endorsed mitigation short of patching is available for this vulnerability.
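One way to operationalise the detection items above, as an added example that is not code from vm2, GHSA, Red Hat or this aggregator: a pre-flight check a service can run on user-supplied JavaScript before handing it to a NodeVM instance. It flags literal `require()` calls for the two builtins the pre-3.11.4 denylist missed and gates on the fixed release 3.11.4; the textual scan is assumed to be a detection aid only, and the version strings are assumed to be plain dotted numerics.

```javascript
// Added example (not from vm2, GHSA or Red Hat): pre-flight check for scripts
// headed into a vm2 NodeVM sandbox. The require() scan is a static heuristic
// (assumption: callers treat it as a detection aid, not as the fix).

// Builtins the pre-3.11.4 NodeVM denylist missed, per the advisory.
const MISSED_BUILTINS = ['process', 'inspector/promises'];

// Release in which vm2 closed the gap.
const FIXED_VERSION = '3.11.4';

// Literal require('x') / require("x") / require(`x`), with optional node: prefix.
const REQUIRE_RE = /require\s*\(\s*(['"`])(?:node:)?([^'"`]+)\1\s*\)/g;

// Return the missed builtins that `source` pulls in through a literal require().
function findMissedBuiltins(source) {
  const hits = new Set();
  for (const m of source.matchAll(REQUIRE_RE)) {
    if (MISSED_BUILTINS.includes(m[2])) hits.add(m[2]);
  }
  return [...hits].sort();
}

// True when dotted `version` sorts below `fixed` (numeric, component-wise).
function isBelow(version, fixed) {
  const a = version.split('.').map(Number);
  const b = fixed.split('.').map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Combine both signals for a script about to be routed into NodeVM.
function assessSandboxInput(source, vm2Version) {
  const missed = findMissedBuiltins(source);
  return {
    mustUpgrade: isBelow(vm2Version, FIXED_VERSION), // vm2 still on a vulnerable release
    missedBuiltins: missed,                          // which denylist gaps the script touches
    flag: missed.length > 0,                         // treat as a sandbox escape attempt
  };
}

// Constructed sample inputs (not real payloads) for a quick run.
const SAMPLE_SAFE = "const path = require('path'); module.exports = path.join('a', 'b');";
const SAMPLE_SUSPECT = "const p = require('node:process'); const i = require(\"inspector/promises\");";

console.log(assessSandboxInput(SAMPLE_SAFE, '3.11.3'));
console.log(assessSandboxInput(SAMPLE_SUSPECT, '3.11.3'));
```

Because the scan is textual it only catches literal `require()` calls, so the version gate is the reliable signal; upgrading vm2 to 3.11.4 remains the fix the sources name.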
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Red Hat (vendor) | — | 10.0 | CRITICAL | — |
VulDB: patriksimek vm2 up to 3.11.3 protection mechanism (EUVD-2026-36446)
vuldb · 2026-06-14 · CVSS 10.0 · CRITICAL
A vulnerability marked as critical has been reported in patriksimek vm2 up to 3.11.3. Affected by this issue is some unknown functionality. This manipulation causes protection mechanism failure.
This vulnerability is handled as CVE-2026-47140. The attack can be initiated remotely. No exploit is available.
It is suggested to upgrade the affected component.
GHSA: NodeVM builtin denylist bypass via process and inspector/promises allows host code execution
ghsa · 2026-05-29 · CRITICAL · CWE-693
## Summary
`NodeVM` blocks several dangerous Node.js builtins such as `module`, `worker_threads`, `cluster`, `vm`, `repl`, and `inspector`.
However, the denylist misses `process` and `inspector/promises`. Both can be used from sandboxed code to reach host-side execution primitives.
This allows sandboxed code to bypass the intended builtin restrictions and execute code in the host process.
## Details
The dangerous builtin denylist is defined in `lib/builtin.js`. This list does not include:
```text
process
inspector/promises
```
Non-denied builtins are exposed to the sandbox through:
```js
builtins.set(key, special ? special : vm => vm.readonly(hostRequire(key)));
```
Because of this, sandb
Red Hat: vm2: Arbitrary code execution due to incomplete sandbox restrictions
vendor_redhat · 2026-06-12 · CVSS 10.0 · CRITICAL · CWE-184
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in fu
No detection rules found.
No public exploits indexed.