cvebase

Vm2 Project Vm2 vulnerabilities

41 known vulnerabilities affecting vm2_project/vm2.

Total CVEs: 41
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 29, HIGH 8, MEDIUM 4

Vulnerabilities

Page 2 of 3
CVE-2026-44007 | P2 | CRITICAL | CVSS 9.1 | fixed in 3.11.1 | 2026-05-13
[CRITICAL] CWE-284: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting: true, sandbox code can unconditionally require('vm2') regardless of the outer VM's require configuration — including require: false. With access to vm2, the sandbox constructs a new inner NodeVM with its own unrestricted require settings and execu
Sources: GHSA, NVD
CVE-2021-23449 | P3 | CRITICAL | CVSS 10.0 | fixed in 3.9.4 | ≥ unspecified, < 3.9.4 | 2021-10-18
[CRITICAL] CWE-1321: This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
Sources: GHSA, NVD, OSV
CVE-2026-44006 | P2 | CRITICAL | CVSS 10.0 | fixed in 3.11.0 | 2026-05-13
[CRITICAL] CWE-94: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0.
Sources: GHSA, NVD
CVE-2026-47210 | P2 | CRITICAL | ≥ 0, < 3.11.4 | 2026-05-29
[CRITICAL] CWE-913: vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
Summary: A sandbox escape vulnerability in `vm2` allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (`WebAssembly.promising` / `WebAssembly.Suspending`). In the tested configuration, a JSPI-backed Promise can reach `Promise.protot
Sources: GHSA
CVE-2026-43997 | P3 | CRITICAL | CVSS 10.0 | fixed in 3.11.0 | 2026-05-13
[CRITICAL] CWE-94: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object to escape the sandbox; one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability is fixed in 3.11.0.
Sources: GHSA, NVD
CVE-2026-44005 | P3 | CRITICAL | CVSS 10.0 | ≥ 3.9.6, < 3.11.0 | 2026-05-13
[CRITICAL] CWE-94: vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited No
Sources: GHSA, NVD
CVE-2021-23555 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.9.6 | ≥ unspecified, < 3.9.6 | 2022-02-11
[CRITICAL] The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stacktraces, which can lead to execution of arbitrary code on the host machine.
Sources: GHSA, NVD, OSV
CVE-2022-25893 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.9.10 | ≥ unspecified, < 3.9.10 | 2022-12-21
[CRITICAL] CWE-471: The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.
Sources: GHSA, NVD, OSV
CVE-2026-47131 | P2 | CRITICAL | ≥ 0, < 3.11.4 | 2026-05-29
[CRITICAL] CWE-913: vm2 has a Sandbox Escape issue
Summary: By combining `Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__")`, `Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__")`, and Node.js's `ERR_INVALID_ARG_TYPE` Error, the host's `TypeError` constructor can be obtained, which allows the escape from the sandbox. This allows attackers to run arbitrary code.
PoC: "use strict"; const { VM } = require("vm2"); const vm =
Sources: GHSA
CVE-2026-44009 | P3 | CRITICAL | CVSS 9.8 | fixed in 3.11.2 | 2026-05-13
[CRITICAL] CWE-668: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.
Sources: GHSA, NVD
CVE-2019-10761 | P3 | HIGH | CVSS 8.3 | fixed in 3.6.11 | ≥ unspecified, < 3.6.11 | 2022-07-13
[HIGH] CWE-674: This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code running the script allowing it to spawn a child_process and ex
Sources: GHSA, NVD, OSV
CVE-2026-47139 | P3 | HIGH | ≥ 0, < 3.11.4 | 2026-05-29
[HIGH] CWE-693: NodeVM network builtin exclusions bypass via internal _http_client and _http_server
Summary: `NodeVM` supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to `http`, `https`, `http2`, `net`, `dgram`, `tls`, `dns`, and `dns/promises` is blocked. However, Node.js also exposes underscored internal HTTP builtins such as `
Sources: GHSA
CVE-2026-44001 | P3 | HIGH | CVSS 8.6 | fixed in 3.11.0 | 2026-05-13
[HIGH] vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that triggers an unhandled rejection propagating to the host. The fix for CVE-2026-22709 (v3.10.2) only sanitized the onRejected callback in .then() and .catch
Sources: GHSA, NVD
CVE-2026-47135 | P3 | HIGH | ≥ 0, < 3.11.4 | 2026-05-29
[HIGH] CWE-693: vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
Summary: vm2 3.11.2 `Symbol.for` override in `setup-sandbox.js` only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's `set`/`defineProperty`/`deleteProperty` traps having **no** `isDangerousCrossRealmSymbol` key c
Sources: GHSA
CVE-2026-44004 | P3 | HIGH | CVSS 7.5 | fixed in 3.11.0 | 2026-05-13
[HIGH] CWE-770: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc() with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust host memory and crash the process with a FATAL ERROR: Re
Sources: GHSA, NVD
CVE-2026-47209 | P3 | HIGH | ≥ 0, < 3.11.4 | 2026-05-29
[HIGH] CWE-693: vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
Summary: The `BaseHandler.set` trap in `bridge.js` (line 1231) ignores the `receiver` parameter and unconditionally writes to the host target object. Per the Proxy `set` trap specification, when `receiver !== proxy` (e.g., when a chil
Sources: GHSA
CVE-2026-44000 | P3 | HIGH | CVSS 7.2 | fixed in 3.11.0 | 2026-05-13
[HIGH] CWE-693: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then() callback preserves host identity. This al
Sources: GHSA, NVD
CVE-2026-47141 | P3 | MEDIUM | ≥ 0, < 3.11.4 | 2026-05-29
[MEDIUM] CWE-668: NodeVM observability builtins leak host process and HTTP request data
Summary: `NodeVM` exposes some process-wide observability builtins when they are allowed through `require.builtin`. The following builtins are not blocked by the dangerous builtin denylist: `diagnostics_channel`, `async_hooks`, `perf_hooks`. These modules are process-wide, not sandbox-local. Sandboxed code can use th
Sources: GHSA
CVE-2026-44003 | P4 | MEDIUM | CVSS 5.8 | fixed in 3.11.0 | 2026-05-13
[MEDIUM] CWE-693: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL variable, which ex
Sources: GHSA, NVD
CVE-2026-44002 | P4 | MEDIUM | CVSS 5.8 | fixed in 3.11.0 | 2026-05-13
[MEDIUM] CWE-209: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intended as a safe wrapper for V8's native CallSite) blocks getThis() and getFunction() to prevent host object leakage, but allows getFileName() to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, library p
Sources: GHSA, NVD