CVE-2026-47208
Published 2026-06-12
Priority P267 · critical · CVSS 3.1 base score 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS 0.51% (39.5th percentile)
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | < 3.11.4 | 3.11.4 |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | >= 0 < 3.11.4 | 3.11.4 |
Detection & IOCs (extracted from sources)
- The sandbox breakout is achieved via Promise species manipulation in vm2; monitor for untrusted code execution patterns leveraging Promise[Symbol.species] overrides within vm2 sandbox contexts.
- Exploitation requires an attacker to supply untrusted malicious code to the vm2 sandbox; flag any use of vm2 versions prior to 3.11.4 executing externally-supplied code.
- Successful exploitation leads to arbitrary code execution on the host system; monitor for unexpected child processes or system calls spawned from Node.js vm2 sandbox processes.
- Affected Red Hat packages include rhdh/rhdh-hub-rhel9 (Red Hat Developer Hub) and ansible-automation-platform/automation-portal (Self-service automation portal 2); patch to vm2 3.11.4 or later.
- No vendor-provided mitigation meets Red Hat's criteria; upgrading to vm2 3.11.4 is the only effective remediation.
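The detection items above come down to one concrete check: find every copy of vm2 below 3.11.4 in a project, including copies nested under other packages. The following audit script is an added example written for this page; it is not code from the advisory, Red Hat, or the vm2 project. It assumes npm's package-lock.json layout (the flat `packages` map of lockfile versions 2 and 3, and the nested `dependencies` tree of lockfile version 1) and uses constructed sample lockfiles rather than a real project.

```javascript
// Added example (not from the advisory, Red Hat, or the vm2 project):
// audit a package-lock.json for copies of vm2 older than the fixed release.
const FIXED_VM2_VERSION = '3.11.4'; // fixed version stated in the advisory

// Parse "MAJOR.MINOR.PATCH" into a numeric triple; any pre-release or build
// suffix is ignored. Returns null for strings that are not a release version.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Three-way numeric compare of two release versions: -1, 0 or 1.
// A plain string compare would wrongly rank "3.11.10" below "3.11.4".
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// The advisory's affected range is "< 3.11.4".
function isVulnerableVm2(version) {
  return compareSemver(version, FIXED_VM2_VERSION) < 0;
}

// lockfileVersion 2/3: flat "packages" map keyed by install path, so nested
// copies appear as ".../node_modules/<parent>/node_modules/vm2".
function collectFromPackagesMap(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    const isVm2 = path === 'node_modules/vm2' || path.endsWith('/node_modules/vm2');
    if (isVm2 && meta && meta.version) hits.push({ path, version: meta.version });
  }
}

// lockfileVersion 1: nested "dependencies" tree; recurse to reach nested copies.
function collectFromDependencyTree(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === 'vm2' && meta && meta.version) hits.push({ path, version: meta.version });
    if (meta && meta.dependencies) collectFromDependencyTree(meta.dependencies, `${path}/`, hits);
  }
}

// Returns every vm2 install found in the lockfile, tagged vulnerable or not.
function auditLock(lock) {
  const hits = [];
  if (lock.packages) collectFromPackagesMap(lock.packages, hits);
  else collectFromDependencyTree(lock.dependencies, '', hits);
  return hits.map((h) => ({ ...h, vulnerable: isVulnerableVm2(h.version) }));
}

// Constructed sample lockfiles (not real projects). In both, one copy of vm2
// is patched while another copy, pinned by a plugin, is still affected.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.11.4' },
    'node_modules/some-plugin': { version: '2.0.0' },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.9.19' },
  },
};

const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    vm2: { version: '3.11.3' },
    'some-plugin': { version: '2.0.0', dependencies: { vm2: { version: '3.11.4' } } },
  },
};

for (const lock of [SAMPLE_LOCK_V3, SAMPLE_LOCK_V1]) {
  for (const hit of auditLock(lock)) {
    const status = hit.vulnerable ? 'VULNERABLE (< 3.11.4)' : 'ok';
    console.log(`lockfileVersion ${lock.lockfileVersion}: ${hit.path} ${hit.version} ${status}`);
  }
}
```

Nested copies matter here because npm keeps a second vm2 under a dependency whenever that dependency pins an incompatible range, so checking only the top-level `node_modules/vm2` entry can report a project as patched while an older copy is still loaded by a plugin.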
CVSS provenance
- NVD: CVSS v3.1, 10.0 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- vendor_redhat: 10.0 CRITICAL
VulDB
patriksimek vm2 up to 3.11.3 dynamically-managed code resources (EUVD-2026-36447)
vuldb · 2026-06-14 · CVSS 10.0 · CVE-2026-47208 [CRITICAL]
A vulnerability was found in patriksimek vm2 up to 3.11.3 and classified as critical. This affects an unknown function. Such manipulation leads to dynamically-managed code resources.
This vulnerability is listed as CVE-2026-47208. The attack may be performed from remote. There is no available exploit.
It is suggested to upgrade the affected component.
GHSA
vm2 is Vulnerable to Sandbox Breakout Through Promise Species
ghsa · 2026-05-29 · CVE-2026-47208 [CRITICAL] · CWE-913
### Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.
### Details
The `localPromise` constructor was changed to call `this.then(undefined, eater)` to ensure a rejected promise is always handled. However, it is missing a call to `resetPromiseSpecies` to ensure that `this` has no special species. Since the species can be changed, a custom promise can be used to supply a custom reject method to the executor, allowing the caller to obtain a raw host error and escape the sandbox.
### PoC
```js
const {VM} = require("vm2");
const vm = new VM();
vm.run(`
class E extends Error {}
function so(d) {
if (d > 0) so(d-1);
```
Red Hat
vm2: vm2: Sandbox Breakout Using Promise Species
vendor_redhat · 2026-06-12 · CVSS 10.0 · CVE-2026-47208 [CRITICAL]
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by writing malicious code. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.
Statement: Exploitation requires an attacker to supply untrusted malicious code to the vm2 sandbox, which is easily achieved since
No detection rules found.
No public exploits indexed.
Published: 2026-06-12