CVE-2026-47210
Published 2026-06-12
Priority: P2 (63) · Severity: critical · CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.51% (39.4th percentile)
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending). In the tested configuration, a JSPI-backed Promise can reach Promise.prototype.finally() in a way that bypasses the expected Promise-species hardening and exposes a host-originated rejection object to attacker-controlled species logic, breaking the sandbox boundary. This issue has been patched in version 3.11.4.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| patriksimek | vm2 | < 3.11.4 | 3.11.4 |
| rhdh | rhdh-hub-rhel9 | — | — |
| vm2_project | vm2 | >= 0 < 3.11.4 | 3.11.4 |
Detection & IOCs (extracted from sources)
- Sandbox escape occurs when untrusted code uses async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending); monitor for use of these APIs within vm2 sandbox contexts.
- Attack vector involves a JSPI-backed Promise reaching Promise.prototype.finally() to bypass Promise-species hardening and expose a host-originated rejection object to attacker-controlled species logic; look for overriding of Promise[Symbol.species] or Promise.prototype.finally within sandboxed code.
- Vulnerable only when untrusted code is executed with async support on runtimes that expose WebAssembly JSPI; standard deployments of Red Hat Developer Hub and Ansible Automation Platform do not invoke the vulnerable sandbox functionality in production code paths.
- Fix is available in vm2 version 3.11.4; upgrade from any prior version to remediate.
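The following pre-flight gate turns the indicators above into a check a host can run before handing untrusted code to a vm2 sandbox with async support. It is an added example written for this page, not vm2's own code and not taken from the advisory or any exploit; the function names (`hostExposesJspi`, `vm2IsVulnerable`, `scanUntrustedSource`, `gateAsyncSandbox`) and the two sample scripts are constructed for illustration. It needs only Node.js and does not require vm2 to be installed.

```javascript
// Added example: a pre-flight gate for hosts that run untrusted code in vm2
// with async support. Illustrative code written for this page, not vm2's own
// API. It combines three signals from the advisory and the IOC notes:
//   1. the host runtime exposes WebAssembly JSPI
//      (WebAssembly.promising / WebAssembly.Suspending),
//   2. the installed vm2 version is below the fixed release 3.11.4,
//   3. the untrusted source references the APIs the IOC notes say to watch.
// The source scan is a textual heuristic: obfuscated code evades it, so a hit
// is a reason to refuse and a miss is not evidence of safety. Upgrading vm2
// is the actual fix; this gate only limits exposure until that happens.

const FIXED_VM2 = [3, 11, 4];

// True when the WebAssembly namespace exposes JSPI entry points.
// `wasmGlobal` is injectable so the check can be tested without a
// JSPI-enabled runtime; in production pass nothing and it reads globalThis.
function hostExposesJspi(wasmGlobal = globalThis.WebAssembly) {
  if (wasmGlobal === null ||
      (typeof wasmGlobal !== 'object' && typeof wasmGlobal !== 'function')) {
    return false;
  }
  return typeof wasmGlobal.promising === 'function' ||
         typeof wasmGlobal.Suspending === 'function';
}

// Minimal dotted-version compare (pre-release suffixes are ignored). Returns
// true for any vm2 version strictly below 3.11.4, the range in the advisory.
function vm2IsVulnerable(version) {
  const nums = String(version).split('-')[0].split('.')
    .map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < FIXED_VM2.length; i++) {
    const have = nums[i] ?? 0;
    if (have !== FIXED_VM2[i]) return have < FIXED_VM2[i];
  }
  return false; // exactly 3.11.4 (or a 3.11.4.x build) is fixed
}

// Identifiers named in the advisory and IOC notes. Whitespace around the dots
// is tolerated; string concatenation or computed property access is not caught.
const IOC_PATTERNS = [
  { name: 'WebAssembly.promising',    re: /\bWebAssembly\s*\.\s*promising\b/ },
  { name: 'WebAssembly.Suspending',   re: /\bWebAssembly\s*\.\s*Suspending\b/ },
  { name: 'Symbol.species',           re: /\bSymbol\s*\.\s*species\b/ },
  { name: 'Promise.prototype.finally', re: /\bPromise\s*\.\s*prototype\s*\.\s*finally\b/ },
];

function scanUntrustedSource(source) {
  return IOC_PATTERNS.filter((p) => p.re.test(source)).map((p) => p.name);
}

// Decide whether `source` may be handed to a vm2 sandbox with async support.
// Returns { allow, reasons, warnings }: `reasons` block execution, `warnings`
// do not but should be surfaced (an old vm2 on a non-JSPI runtime today).
function gateAsyncSandbox({ vm2Version, source, wasmGlobal = globalThis.WebAssembly }) {
  const reasons = [];
  const warnings = [];
  const oldVm2 = vm2IsVulnerable(vm2Version);
  const jspi = hostExposesJspi(wasmGlobal);
  if (oldVm2 && jspi) {
    reasons.push(`vm2 ${vm2Version} < 3.11.4 on a runtime exposing WebAssembly JSPI (CVE-2026-47210)`);
  } else if (oldVm2) {
    warnings.push(`vm2 ${vm2Version} < 3.11.4; exposed as soon as the runtime gains JSPI, upgrade regardless`);
  }
  for (const hit of scanUntrustedSource(source)) {
    reasons.push(`untrusted source references ${hit}`);
  }
  return { allow: reasons.length === 0, reasons, warnings };
}

// Constructed samples for this example (not from the advisory or any PoC).
const SAMPLE_BENIGN = `
  async function main(input) {
    const parsed = JSON.parse(input);
    await new Promise((resolve) => setTimeout(resolve, 10));
    return parsed.items.length;
  }
`;
const SAMPLE_SUSPICIOUS = `
  class P extends Promise { static get [Symbol.species]() { return P; } }
  const susp = new WebAssembly.Suspending(async () => 0);
`;

const DEMO = gateAsyncSandbox({ vm2Version: '3.11.3', source: SAMPLE_SUSPICIOUS });
console.log(DEMO);
```

The version and runtime checks are cheap enough to run once at process start; the source scan runs per script. A denied result from the scan should be logged with the matched identifier so that the alert matches the IOC wording above, and a warning from the version check is a ticket to upgrade, not something to suppress.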
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Red Hat (vendor): 9.8 CRITICAL
VulDB
CVE-2026-47210 [CRITICAL] patriksimek vm2 up to 3.11.3 Promise.prototype.finally dynamically-managed code resources (EUVD-2026-36448)
vuldb · 2026-06-14 · CVSS 9.8
A vulnerability described as critical has been identified in patriksimek vm2 up to 3.11.3. This affects the function Promise.prototype.finally. Such manipulation leads to dynamically-managed code resources.
This vulnerability is uniquely identified as CVE-2026-47210. The attack can be launched remotely. No exploit exists.
Upgrading the affected component is recommended.
GHSA
CVE-2026-47210 [CRITICAL] CWE-913 vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
ghsa · 2026-05-29
### Summary
A sandbox escape vulnerability in `vm2` allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (`WebAssembly.promising` / `WebAssembly.Suspending`). In the tested configuration, a JSPI-backed Promise can reach `Promise.prototype.finally()` in a way that bypasses the expected Promise-species hardening and exposes a host-originated rejection object to attacker-controlled species logic, breaking the sandbox boundary.
This is a critical sandbox escape: any application that treats `vm2` as a security boundary may be fully compromised.
### Details
On node26, JSPI-backed Promises created through `WebAssembly.promising(...)` do
Red Hat
CVE-2026-47210 [CRITICAL] CWE-653 vm2: vm2: Arbitrary code execution via sandbox escape when executing untrusted code with async support.
vendor_redhat · 2026-06-12 · CVSS 9.8
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js
No detection rules found.
No public exploits indexed.
Published: 2026-06-12