SB2026012608 - Multiple vulnerabilities in vm2
Published: January 26, 2026 Updated: May 4, 2026
Description
This security bulletin contains information about 10 vulnerabilities.
1) Code Injection (CVE-ID: CVE-2026-22709)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because the callback sanitization applied to "Promise.prototype.then" and "Promise.prototype.catch" can be bypassed. A remote attacker can execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Improper access control (CVE-ID: CVE-2026-44005)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to escape the sandbox and modify host objects.
The vulnerability exists due to improper access control in the vm2 bridge when processing attacker-controlled JavaScript in a default VM or inherited NodeVM. A remote attacker can mutate shared host intrinsic prototypes to escape the sandbox and modify host objects.
The issue involves mutable proxies to host-realm intrinsic prototypes, including Object.prototype, Array.prototype, and Function.prototype.
3) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-44004)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in Buffer.alloc exposed through the vm2 sandbox bridge when processing sandboxed code that invokes Buffer.alloc with an arbitrary size. A remote attacker can send crafted code to allocate excessive host memory and cause a denial of service.
In memory-constrained environments, a single request can terminate the host process with an out-of-memory condition. The issue bypasses vm2's timeout handling because the allocation occurs in a synchronous native call.
4) Protection Mechanism Failure (CVE-ID: CVE-2026-44003)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to a protection mechanism failure in the code transformer when processing sandboxed code that avoids the catch, import, and async keywords. A remote attacker can submit specially crafted code to disclose sensitive information.
The issue exposes the internal VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL object and bypasses the identifier check that is intended to block access to it.
5) Information Exposure Through an Error Message (CVE-ID: CVE-2026-44002)
CWE-ID: CWE-209 - Information Exposure Through an Error Message
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information about the host environment.
The vulnerability exists due to generation of error messages containing sensitive information in the CallSite wrapper class when processing stack traces from sandboxed code. A remote attacker can trigger an error or override Error.prepareStackTrace to disclose sensitive information about the host environment.
The issue exposes host absolute paths, source locations, and internal function names to sandboxed code.
6) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2026-44000)
CWE-ID: CWE-668 - Exposure of Resource to Wrong Sphere
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information and modify host object state.
The vulnerability exists due to improper isolation in Promise.prototype.then handling in setup-sandbox.js when processing host-side Promise resolutions exposed to the sandbox. A remote attacker can expose a host-side Promise that resolves to a host object and access the resolved value inside a sandbox .then() callback to disclose sensitive information and modify host object state.
Host object identity is preserved across the sandbox boundary, enabling host-side WeakMap or WeakSet identity checks from within the sandbox.
7) Incorrect authorization (CVE-ID: CVE-2026-43999)
CWE-ID: CWE-863 - Incorrect Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute arbitrary code on the host system.
The vulnerability exists due to improper access control in the NodeVM builtin allowlist handling for the module builtin when processing sandboxed code that can require builtins. A remote user can invoke Module._load() through the allowed module builtin to execute arbitrary code on the host system.
Exploitation requires the module builtin to be allowed, including through the '*' wildcard, and results in a sandbox escape into the host context.
8) Link following (CVE-ID: CVE-2026-43998)
CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute arbitrary code on the host system.
The vulnerability exists due to improper link resolution before file access in NodeVM require.root path restriction enforcement in lib/resolver-compat.js and lib/filesystem.js when loading modules through symlinks from within an allowed root directory in host context. A remote user can submit sandboxed code that requires a specially linked module to execute arbitrary code on the host system.
Exploitation requires symlinks inside the allowed root that point outside it, and is possible when NodeVM is configured with require context set to host.
9) Code Injection (CVE-ID: CVE-2026-44006)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper control of code generation in BaseHandler.getPrototypeOf in vm2/lib/bridge.js when processing crafted objects through util.inspect and WebAssembly.compileStreaming. A remote attacker can send specially crafted input to escape the sandbox and execute arbitrary code.
The issue can be triggered by reaching BaseHandler via util.inspect to obtain arbitrary prototypes.
10) Code Injection (CVE-ID: CVE-2026-43997)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper control of code generation in the vm2 sandbox when processing crafted JavaScript code. A remote attacker can supply specially crafted code to escape the sandbox and execute arbitrary code.
The issue allows access to host objects outside the intended sandbox boundary.
Remediation
Install the update from the vendor's website.
References
- https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8
- https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq
- https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.js#L665-L676
- https://github.com/patriksimek/vm2/security/advisories/GHSA-6785-pvv7-mvg7
- https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7
- https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw
- https://github.com/patriksimek/vm2/security/advisories/GHSA-mpf8-4hx2-7cjg
- https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8
- https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c
- https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8
- https://github.com/patriksimek/vm2/commit/408fc855f1cc1bbc2985b029465ee0e732ada433
- https://github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6
- https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160