SB2026051890 - Multiple vulnerabilities in vm2



Published: May 18, 2026

Security Bulletin ID: SB2026051890
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 10
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 80%, Low: 20%

Description

This security bulletin contains information about 10 vulnerabilities.


1) Exposure of Resource to Wrong Sphere (CVE-ID: N/A)

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to exposure of process-wide observability resources to the wrong sphere in NodeVM builtin module handling when allowing require.builtin access to diagnostics_channel, async_hooks, or perf_hooks. A remote user can run untrusted JavaScript that uses these builtins to disclose sensitive information.

Exploitation requires the host application to allow these builtins and use HTTP, async request context, diagnostics channels, or performance marks in the same process.


2) Protection Mechanism Failure (CVE-ID: N/A)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to protection mechanism failure in NodeVM builtin module restrictions when resolving excluded network builtins. A remote attacker can require internal modules such as _http_client and _http_server to disclose sensitive information.

This can provide SSRF-style access to localhost services, metadata endpoints, internal admin panels, or other network resources reachable from the host process.


3) Protection Mechanism Failure (CVE-ID: N/A)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code in the host process.

The vulnerability exists due to protection mechanism failure in the NodeVM builtin denylist in lib/builtin.js when exposing non-denied builtins to sandboxed code through require.builtin. A remote attacker can require the process or inspector/promises builtins to execute arbitrary code in the host process.

This affects applications that allow untrusted JavaScript to run inside NodeVM with process, inspector/promises, or the wildcard "*" permitted in require.builtin; it is not reachable with the default configuration where require is disabled or no affected builtins are allowed.


4) Improper Control of Dynamically-Managed Code Resources (CVE-ID: N/A)

CWE-ID: CWE-913 - Improper Control of Dynamically-Managed Code Resources

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper control of dynamically-managed code resources in Promise.prototype.finally() species handling when executing untrusted code with async support on runtimes exposing WebAssembly JSPI. A remote attacker can trigger a JSPI-backed Promise path that exposes a host-originated rejection object to attacker-controlled species logic to execute arbitrary code.

Only environments exposing WebAssembly.promising or WebAssembly.Suspending are affected, and the issue breaks the sandbox boundary by exposing access to host process objects.


5) Improper Control of Dynamically-Managed Code Resources (CVE-ID: N/A)

CWE-ID: CWE-913 - Improper Control of Dynamically-Managed Code Resources

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the host system.

The vulnerability exists due to improper control of dynamically-managed code resources in the NodeVM sandbox implementation in nodevm.js when creating a sandbox with nesting enabled and the require option omitted. A remote attacker can run code inside a crafted NodeVM configuration to execute arbitrary code on the host system.

The issue occurs because the strict equality check that is meant to reject the unsafe nesting/require combination does not match when require is undefined, and the default assignment then sets require to false. The inner VM is therefore not constrained by the outer sandbox configuration.
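Items 1, 2, 3 and 5 above all come down to how the host application configures NodeVM: which builtins require.builtin permits, and whether nesting is enabled while the require option is left out. The audit function below is an added example, not code from vm2 or from this bulletin; it checks a NodeVM options object for those settings before the object is handed to vm2. It assumes the documented NodeVM option shape (require.builtin as an array of module names, nesting as a boolean); the builtin names and the impact attached to each are taken from the items above, and the sample configurations are constructed.

```javascript
// Added example (not vm2 project code): audit a NodeVM options object for the
// settings named in items 1, 2, 3 and 5 of this bulletin, before the options
// reach vm2. Assumes the documented NodeVM option shape:
//   { require: { builtin: [...] } | false, nesting: true | false }

// Builtins named in the bulletin, with the impact the bulletin assigns to each.
const RISKY_BUILTINS = {
  'process': 'arbitrary code execution in the host process (item 3)',
  'inspector/promises': 'arbitrary code execution in the host process (item 3)',
  '_http_client': 'SSRF-style access to network services reachable from the host (item 2)',
  '_http_server': 'SSRF-style access to network services reachable from the host (item 2)',
  'diagnostics_channel': 'disclosure of process-wide observability data (item 1)',
  'async_hooks': 'disclosure of process-wide observability data (item 1)',
  'perf_hooks': 'disclosure of process-wide observability data (item 1)',
};

// Returns a list of { setting, reason } findings; an empty list means nothing flagged.
function auditNodeVMOptions(opts) {
  const findings = [];
  const req = opts && opts.require;

  // Item 5: nesting enabled while `require` is omitted entirely. Setting
  // require explicitly (for example require: false) avoids the omitted case.
  if (opts && opts.nesting === true && req === undefined) {
    findings.push({
      setting: 'nesting',
      reason: 'nesting enabled with the require option omitted; set require explicitly (item 5)',
    });
  }

  // Builtin checks only apply when require is an object carrying a builtin list.
  const builtin = (req && typeof req === 'object') ? req.builtin : undefined;
  if (!Array.isArray(builtin)) return findings;

  // Item 3: the wildcard permits every builtin, including those in items 1-3.
  if (builtin.includes('*')) {
    findings.push({
      setting: 'require.builtin',
      reason: 'wildcard "*" permits every builtin, including those named in items 1-3',
    });
  }
  for (const name of builtin) {
    if (Object.prototype.hasOwnProperty.call(RISKY_BUILTINS, name)) {
      findings.push({ setting: `require.builtin:${name}`, reason: RISKY_BUILTINS[name] });
    }
  }
  return findings;
}

// Constructed sample configurations (not taken from any real deployment).
const weakOptions = { nesting: true, require: { builtin: ['*'] } };
const saferOptions = { nesting: false, require: { builtin: ['path', 'url'] } };

console.log('weak:', auditNodeVMOptions(weakOptions));
console.log('safer:', auditNodeVMOptions(saferOptions));
```

The audit is deliberately a pre-flight check on the options object rather than a patch to vm2: it does not change what vm2 does with the options, so the vendor update in the Remediation section is still required.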


6) Protection Mechanism Failure (CVE-ID: N/A)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to inject properties into host objects via the prototype chain.

The vulnerability exists due to improper access control in the BaseHandler.set trap in bridge.js when handling inherited property assignments on proxy-backed objects. A remote attacker can create a prototype-inheriting child object and assign crafted properties to inject properties into host objects via the prototype chain.

Dangerous Symbol-keyed properties can be written to host objects, which can lead to semantic confusion across realms.


7) Protection Mechanism Failure (CVE-ID: N/A)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to modify host-side behavior and disclose sensitive information.

The vulnerability exists due to protection mechanism failure in setup-sandbox.js and bridge.js when processing cross-realm Symbol.for keys and symbol-keyed property operations. A remote attacker can obtain unblocked cross-realm symbols and write them to host objects to modify host-side behavior and disclose sensitive information.

This can affect non-frozen host objects exposed to the sandbox and was demonstrated through a util.promisify hijack chain.
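Items 6 and 7 both concern writes, Symbol-keyed ones included, that reach non-frozen host objects exposed to the sandbox. The helper below is an added example, not vm2 code or the bulletin author's: it deep-freezes a host object graph before the object is exposed, covering Symbol-keyed properties and the object's own prototype chain, and `acceptsWrite` reports whether a write still lands on a given target. The sample host object and the list of intrinsic prototypes at which the walk stops are assumptions made for the illustration.

```javascript
// Added example (not vm2 project code): freeze a host object graph before it is
// exposed to a sandbox, so that inherited or Symbol-keyed writes from sandboxed
// code (items 6 and 7) find no writable host target. Sample objects below are
// constructed for illustration.

// Prototypes shared with the rest of the process; freezing these would affect
// every object in the realm, so the walk stops at them. (Assumed list.)
const INTRINSIC_PROTOTYPES = new Set([
  Object.prototype, Function.prototype, Array.prototype, Error.prototype,
  Promise.prototype, Map.prototype, Set.prototype, Date.prototype, RegExp.prototype,
]);

// Freeze `value`, every data property reachable from it, and its non-intrinsic
// prototype chain. `seen` guards against cycles.
function deepFreeze(value, seen = new WeakSet()) {
  if (value === null || (typeof value !== 'object' && typeof value !== 'function')) return value;
  if (seen.has(value) || INTRINSIC_PROTOTYPES.has(value)) return value;
  seen.add(value);
  // Reflect.ownKeys includes Symbol keys, which Object.keys would miss.
  for (const key of Reflect.ownKeys(value)) {
    const desc = Object.getOwnPropertyDescriptor(value, key);
    if (desc && 'value' in desc) deepFreeze(desc.value, seen);
  }
  // Item 6 describes writes arriving through inherited-property assignment, so
  // the object's own prototype chain is frozen too.
  deepFreeze(Object.getPrototypeOf(value), seen);
  return Object.freeze(value);
}

// Attempt a write and report whether it landed on the target.
function acceptsWrite(target, key) {
  const marker = {};
  try {
    target[key] = marker;
  } catch (e) {
    return false; // strict-mode code throws on a frozen target
  }
  return target[key] === marker;
}

// Constructed host export: a helper with its own prototype, a nested config
// object and a Symbol-keyed property.
function makeHostExport() {
  const proto = { describe() { return 'host helper'; } };
  const host = Object.create(proto);
  host.config = { retries: 3 };
  host[Symbol.for('example.tag')] = { owner: 'host' };
  return host;
}

const exposed = deepFreeze(makeHostExport());
console.log('frozen:', Object.isFrozen(exposed),
  'symbol-keyed write accepted:', acceptsWrite(exposed, Symbol.for('example.hijack')));
```

Freezing is a host-side hardening measure for objects the application chooses to expose; it narrows what items 6 and 7 can reach but does not replace the vendor update.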


8) Improper Control of Dynamically-Managed Code Resources (CVE-ID: N/A)

CWE-ID: CWE-913 - Improper Control of Dynamically-Managed Code Resources

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary commands on the host system.

The vulnerability exists due to improper control of dynamically-managed code resources in the vm2 sandbox promise handling when processing Promise species during rejected promise handling. A remote attacker can run crafted code inside a vm2 sandbox to execute arbitrary commands on the host system.

Exploitation requires the ability to run arbitrary code inside the context of a vm2 sandbox.


9) Protection Mechanism Failure (CVE-ID: N/A)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to interfere with stack-trace formatting and observe bridge-internal data writes.

The vulnerability exists due to protection mechanism failure in defaultSandboxPrepareStackTrace in lib/setup-sandbox.js when processing error stack traces. A remote attacker can install a setter on Array.prototype at a targeted index to interfere with stack-trace formatting and observe bridge-internal data writes.

The issue is triggered when sandbox code reads error.stack or otherwise invokes Error.prepareStackTrace, and the current observed value is limited to appended primitive string frame text rather than a host-realm reference.


10) Improper Control of Dynamically-Managed Code Resources (CVE-ID: N/A)

CWE-ID: CWE-913 - Improper Control of Dynamically-Managed Code Resources

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper control of dynamically-managed code resources in the vm2 sandbox when processing crafted code inside the sandbox. A remote attacker can combine Buffer prototype accessors with Node.js error handling to escape the sandbox and execute arbitrary code.

The issue allows access to the host's TypeError constructor, resulting in a scope change from the sandbox to the host environment.


Remediation

Install the update from the vendor's website.