vm2 Sandbox Escape Vulnerability Allows Arbitrary Code Execution

CVE advisory

Severity: CRITICAL (CVSS 10.0)

CVE-2026-47131

A critical vulnerability in the Node.js vm2 sandbox library allows attackers to escape the sandbox and execute arbitrary code by manipulating JavaScript's `Buffer` object and Node.js's error handling. This could impact system integrity if the library is used in deployed applications.

1 Halo Surface Signal

External exposure likelihood

Halo Surface Signal score for CVE-2026-47131

vm2 is a Node.js library used by developers to sandbox code within an application. It is a build-time dependency or an internal component integrated into software logic, not a standalone service, network gateway, or internet-facing appliance. It is not designed to be directly exposed to the public internet in normal deployments.

PCI scan relevance

PCI Relevance for CVE-2026-47131

Yes

CVE-2026-47131 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in vm2 allows attackers to execute arbitrary code, potentially leading to a PCI ASV scan failure due to remote code execution.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in vm2, a Node.js sandbox technology. This issue could allow unauthorized code execution, potentially impacting systems that utilize this library for code isolation. The primary concern is to confirm if and where this technology is deployed within our environment.

  • Sandbox could be escaped by attackers.
  • High impact if our code uses this sandbox.
  • Confirm if this technology is used internally.

Attack Path

How an attacker could exploit the issue

An attacker could compromise a Node.js application that utilizes the vm2 library to escape its sandbox environment. By chaining specific interactions with JavaScript's `Buffer` object and Node.js's error handling, an attacker can gain access to the host's `TypeError` constructor. This allows them to execute arbitrary code outside the intended sandbox.

  • No authentication or special access is needed.
  • Manipulate Buffer and error constructors.
  • Arbitrary code execution on host.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to execute arbitrary code within the host system when the vm2 sandbox is used. This may impact system integrity and data confidentiality if the sandbox is not properly isolated.

  • Arbitrary code execution on host system.
  • Exploits sandbox escape vulnerability.
  • Compromises system integrity and data.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The vm2 Node.js sandbox library's critical vulnerability requires immediate attention from development teams and platform owners. Identifying all instances of vm2, assessing their exposure and business criticality, and confirming ownership are the essential first steps before planning remediation. This process ensures that efforts are prioritized to address the most significant risks effectively.

  • Identify affected vm2 deployments.
  • Verify reachability and business criticality.
  • Plan remediation based on assessed risk.

Frequently asked questions

What is the vm2 library?

vm2 is an open-source sandbox library for Node.js environments. Developers use it to run untrusted JavaScript code in an isolated container to prevent that code from accessing the main application or host system. It acts as a protective layer, often integrated into software logic as a dependency to safely execute user-provided scripts.

What does CWE-913 mean for CVE-2026-47131?

CWE-913 refers to improper control of dynamically-managed code resources. In the context of CVE-2026-47131, this means the sandbox failed to properly restrict access to internal language constructors. By manipulating specific objects, an attacker can trick the sandbox into revealing the host's underlying environment, effectively breaking the isolation barrier meant to keep the code contained.

How can an attacker trigger this sandbox escape?

An attacker triggers this vulnerability by providing crafted input that interacts with the Node.js Buffer object and specific error-handling mechanisms. By chaining these interactions, the attacker gains access to the host's TypeError constructor. It is important to note that this bug does not trigger through standard, safe usage of the library; it specifically requires the execution of malicious, specially designed code within the sandbox.

Is my system at risk according to Halo Surface Signal?

Halo Surface Signal indicates that risk is very unlikely for most environments because vm2 is a code library, not an internet-facing service or appliance. It typically resides deep within application logic as a build-time dependency. Unless your specific application is designed to accept and execute arbitrary, untrusted code from external users via the internet, the component is likely not directly exposed to attackers.

What are the first steps to address this vulnerability?

First, conduct an inventory to identify all applications using the vm2 library in your environment. Once located, verify if those applications handle untrusted user input, as this increases your risk profile. The primary remediation is to update your project dependencies to version 3.11.4 or later, which contains the necessary security patch to prevent the sandbox escape.
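
One way to carry out the inventory step for a single project, as an added example that is not part of the original advisory or of the vm2 project: it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3 is assumed), finds every installed copy of vm2 including transitive ones, and flags any version below 3.11.4. The sample lockfile and the package names other than vm2 are constructed for illustration.

```javascript
// Added example: flag vm2 installs below the fixed release named in the advisory.
const FIXED = [3, 11, 4];

// "3.9.19" -> { nums: [3, 9, 19], pre: false }; null when not semver-like.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// True when the version sorts before FIXED. A pre-release of FIXED itself
// (e.g. 3.11.4-rc.1) sorts before the final release, so it counts as below.
function isBelowFixed(parsed) {
  for (let i = 0; i < 3; i++) {
    if (parsed.nums[i] !== FIXED[i]) return parsed.nums[i] < FIXED[i];
  }
  return parsed.pre;
}

// Walk the "packages" map of an npm lockfile. Keys are install paths,
// so nested (transitive) copies of vm2 are found as well as the direct one.
function findVm2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/vm2$/.test(path)) continue;
    const parsed = parseVersion(meta.version);
    // Unparseable versions are reported as vulnerable so someone reviews them.
    const vulnerable = parsed === null || isBelowFixed(parsed);
    hits.push({ path, version: meta.version, vulnerable });
  }
  return hits;
}

// Constructed sample lockfile; the last two entries are decoys that must not match.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.9.19" },
    "node_modules/report-runner/node_modules/vm2": { version: "3.11.4" },
    "node_modules/@acme/vm2": { version: "1.0.0" },
    "node_modules/vm2-helper": { version: "0.1.0" },
  },
};

for (const hit of findVm2(SAMPLE_LOCK)) {
  console.log(`${hit.vulnerable ? "UPDATE" : "ok    "} ${hit.version} ${hit.path}`);
}
```

For a real project, pass the parsed contents of `package-lock.json` to `findVm2` in place of `SAMPLE_LOCK`.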
