A critical sandbox escape vulnerability has been identified in vm2. This widely used Node.js library provides sandbox isolation for executing untrusted code.
The flaw, tracked as CVE-2026-22709 (GHSA-99p7-6v5w-7xg8), affects all versions up to and including 3.10.0 and carries a CVSS v3.1 base score of 10.0, indicating maximum severity.
The vulnerability stems from incomplete callback sanitization in Promise prototype handling.
While the vm2 developers sanitized callbacks for localPromise.prototype.then, the sanitization does not apply to globalPromise.prototype.then.
Since async functions return global Promise objects rather than local ones, attackers can bypass sandbox restrictions and gain code execution privileges on the underlying host system.
VM2 Sandbox Vulnerability
The vulnerability exploits an asymmetry in callback sanitization across promise chains.
Researchers discovered that Promise.prototype.catch callbacks can be manipulated through error stack manipulation.
| CVE ID | Package | Affected Versions | CVSS Score | Vulnerability Type | Attack Vector |
|---|---|---|---|---|---|
| CVE-2026-22709 | vm2 (npm) | ≤ 3.10.0 | 10.0 | Sandbox Escape | Network |
By creating an error object with a symbolic name and triggering an async function, an attacker gains access to the Error constructor, which ultimately enables arbitrary code execution via the Function constructor.
The attack chain leverages this progression to instantiate a Function object with arbitrary payload code.
In proof-of-concept demonstrations, attackers have successfully executed system commands such as execSync() via access to the child_process module, completely circumventing the sandbox isolation layer.
VM2 maintainers released version 3.10.2, a patched version, to address the flaw.
This update properly sanitizes Promise callbacks across both local and global prototype chains, closing the sandbox escape vector.
Organizations using vm2 should immediately upgrade to version 3.10.2 or later.
The package co-founder, Patrik Šimek, published a GitHub advisory two days ago, showing active maintenance and a rapid response to the security issue
Development teams relying on VM2 for code sandboxing should treat this as a critical priority.
Conduct immediate inventory assessments across development and production environments to identify affected deployments.
Deploy version 3.10.2 through your package management pipeline without delay, and validate that no production instances remain on vulnerable versions.
Until patching is complete, consider restricting VM2 execution contexts to trusted code only.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
