External risk intelligence

vm2 Node.js Sandbox Allows Host Process Execution via Weak Built-in Denylist

CVE advisory
Severity: CRITICAL (CVSS 10.0)

CVE-2026-47140

A vulnerability in the vm2 Node.js sandboxing library allowed sandboxed code to execute commands on the host system by bypassing restrictions on certain Node.js built-ins. This could lead to compromise of the underlying application or infrastructure. The issue has been patched in version 3.11.4.

Halo Surface Signal (score 1)

External exposure likelihood

Halo Surface Signal score for CVE-2026-47140

vm2 is a sandboxing library integrated into applications as a dependency, not a standalone service or internet-facing product. It is used by developers to isolate untrusted code execution within their own application logic. As a build-time component or internal library, it lacks a direct public-facing surface or common internet-exposed deployment pattern.

PCI scan relevance

PCI Relevance for CVE-2026-47140

Yes

CVE-2026-47140 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

Code execution in vm2 allows sandboxed code to bypass restrictions and execute code in the host process, which would likely cause a PCI ASV scan to fail.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

The vm2 sandboxing library for Node.js had a vulnerability that allowed sandboxed code to bypass restrictions and execute commands on the host system. This issue has been addressed in a recent version. The primary concern is to confirm if your applications utilize this specific library and are therefore exposed.

  • Untrusted code could execute on your servers.
  • Patching protects against potentially malicious code execution.
  • Confirm if your applications use this library.

Attack Path

How an attacker could exploit the issue

An attacker could leverage a vulnerability in the vm2 sandboxing library by injecting specially crafted code into a sandboxed environment. This code, by bypassing restrictions on certain Node.js built-ins, could then be used to execute arbitrary commands on the host system, leading to a compromise of the underlying application or infrastructure.

  • Unauthenticated network access required.
  • Bypasses built-in restrictions to execute code.
  • Host process code execution is possible.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow sandboxed code to bypass intended restrictions and execute commands on the host system. This occurs when the `process` or `inspector/promises` Node.js builtins are not adequately blocked within the sandbox.

  • Host process execution.
  • Untrusted code reaching host.
  • Potential for broad system compromise.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability impacts applications using the vm2 Node.js sandboxing library, potentially allowing sandboxed code to execute commands on the host. The first practical step is to identify all applications that depend on vm2, determine their business criticality and network exposure, and then confirm the accountable owner for remediation.

  • Application owners must own this issue.
  • Verify vm2 usage and exposure in applications.
  • Plan remediation during the next maintenance window.

Frequently asked questions

What is vm2 and how is it used?

vm2 is an open-source library for Node.js designed to create a secure, isolated sandbox for running untrusted code. Developers integrate it into their applications to execute dynamic or user-supplied scripts safely by restricting access to sensitive Node.js features. Because it functions as a dependency rather than a standalone service, it acts as a gatekeeper that ensures code running inside the sandbox cannot interfere with the main application or the underlying host system.

What is the vulnerability in CVE-2026-47140?

This vulnerability is classified as CWE-693: Protection Mechanism Failure. It occurs because the vm2 sandbox failed to fully restrict access to certain Node.js built-in features. Specifically, the library's denylist missed the 'process' and 'inspector/promises' modules. An attacker can use these missing restrictions to break out of the sandbox and gain the ability to execute code directly on the host machine running the application.

How does an attacker trigger this vulnerability?

An attacker triggers this by injecting specially crafted code into the environment managed by the vulnerable vm2 instance. By invoking the unrestricted 'process' or 'inspector/promises' built-ins, the code escapes its isolation. Simply using the library does not trigger the bug; the vulnerability is only activated if the application allows untrusted, attacker-controlled code to execute within the sandbox.

Do I need to worry about internet exposure for CVE-2026-47140?

According to Halo Surface Signal, this vulnerability is considered unlikely to be directly internet-facing because vm2 is an internal application library. However, you should care if your application accepts and runs untrusted input from any source—whether that input comes from public users or internal systems. If your software uses vm2 to process external data, the risk of a sandbox breakout remains significant regardless of the library's network architecture.

How should I respond to this security issue?

The most effective response is to update your project to vm2 version 3.11.4 or later, which includes the necessary patches to block the dangerous built-ins. Start by auditing your codebase to identify all applications that include vm2 as a dependency. Once you have confirmed which services use the library, prioritize updating those that handle the highest volume of untrusted code, and coordinate with the accountable owners to apply the fix during your next maintenance cycle.
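The audit step above can be scripted. The following is an added example, not code from the advisory or from the vm2 project: it reads a lockfile (npm lockfile v2/v3 "packages" map, assumed as the input format) and reports every vm2 copy, including nested ones, whose version is below the fixed 3.11.4.

```javascript
// Added example (not the advisory's or vm2's own code): audit a package-lock.json
// (lockfile v2/v3 "packages" map) for vm2 copies below the fixed version 3.11.4.
const FIXED_VERSION = '3.11.4';

// Parse "MAJOR.MINOR.PATCH" into a numeric triple; pre-release/build suffixes are ignored.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric compare, so 3.11.10 correctly sorts above 3.11.4 (string compare would not).
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Every "packages" key ending in "node_modules/vm2" is a vm2 copy, top-level or
// nested under another dependency. Return the ones below FIXED_VERSION.
function findVulnerableVm2(lockfileJson) {
  const lock = typeof lockfileJson === 'string' ? JSON.parse(lockfileJson) : lockfileJson;
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/vm2$/.test(path)) continue;
    const version = meta && meta.version;
    if (!version || compareSemver(version, FIXED_VERSION) < 0) {
      findings.push({ path, version: version || 'unknown' });
    }
  }
  return findings;
}

// Constructed sample lockfile: an outdated top-level vm2 plus a patched nested copy.
const SAMPLE_LOCK = JSON.stringify({
  name: 'example-app', lockfileVersion: 3, packages: {
    '': { name: 'example-app', dependencies: { vm2: '^3.9.0' } },
    'node_modules/vm2': { version: '3.9.19' },
    'node_modules/some-plugin': { version: '1.0.0', dependencies: { vm2: '^3.11.4' } },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.11.4' },
  },
});

// Run directly: `node audit-vm2.js [path/to/package-lock.json]` (file name assumed).
if (typeof require !== 'undefined' && require.main === module) {
  const src = process.argv[2] ? require('fs').readFileSync(process.argv[2], 'utf8') : SAMPLE_LOCK;
  const hits = findVulnerableVm2(src);
  console.log(hits.length ? hits : `no vm2 below ${FIXED_VERSION} found`);
}
```

Run it against each service's lockfile; a non-empty result identifies the copies that need the 3.11.4 upgrade, including transitive ones that a top-level `package.json` check would miss.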
