External risk intelligence

vm2 Sandbox Escape Vulnerability Allows Arbitrary Code Execution

CVE advisory. Severity: CRITICAL (CVSS 9.8)

CVE-2026-47210

A critical vulnerability in the Node.js vm2 library allows arbitrary code execution in the host process when untrusted code is executed with async support. This sandbox escape occurs when a Promise interacts with certain JavaScript APIs, breaking the security boundary. Applications using the affected vm2 versions could

Halo Surface Signal

External exposure likelihood

Halo Surface Signal score for CVE-2026-47210

vm2 is a library integrated into Node.js applications as a developer-controlled sandbox component. It is not an internet-facing service, appliance, or gateway itself. Exposure depends entirely on how a developer implements it within their specific application code, making direct public-internet exposure of the library itself unlikely.

PCI scan relevance

Halo PCI Relevance for CVE-2026-47210: Yes

Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This CVE is relevant for PCI scans due to a sandbox escape vulnerability in vm2 that allows arbitrary code execution, which could lead to a scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a critical vulnerability in the Node.js vm2 sandbox library, which could allow untrusted code execution within the host process. The issue arises from a specific interaction with WebAssembly JSPI features, enabling a sandbox escape. While the library is not directly internet-facing, its integration into applications means this vulnerability could impact systems running the affected code.

  • Code can escape the sandbox to run on the host.
  • Affects Node.js applications using the vm2 library.
  • Confirm if your applications use vm2 and are exposed.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by executing untrusted code within a Node.js application that uses the vm2 library with asynchronous support enabled. The vulnerability lies in how the library handles Promises when interacting with WebAssembly, allowing crafted code to break out of the sandbox and gain control of the host process.

  • No authentication or user interaction needed.
  • Execute untrusted code within the sandbox.
  • Arbitrary code execution in the host process.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to execute arbitrary code within the host Node.js process when untrusted code is run with async support on specific runtimes. This occurs when a Promise in the sandbox interacts with certain JavaScript APIs, bypassing the sandbox's protections.

  • Host process code execution.
  • Untrusted code bypasses sandbox.
  • Compromise of the application's environment.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in vm2 impacts Node.js applications that execute untrusted code within a sandbox. Application owners and platform teams are likely responsible for managing dependencies like vm2. The first practical step is to identify all instances of vm2 within your codebase, assess their exposure and criticality, and determine the accountable owner before planning remediation.

  • Identify application owners and affected code.
  • Verify vm2 usage and exposure in applications.
  • Plan remediation based on identified risks.

Frequently asked questions

What is vm2 and what is it used for?

vm2 is an open-source library for Node.js that creates an isolated sandbox environment. Developers use it to safely execute untrusted JavaScript code by restricting that code's access to the main host process, effectively keeping the sandbox and the underlying application separate.

What is the vulnerability in CVE-2026-47210?

This is a sandbox escape vulnerability, classified as CWE-913: Improper Control of Dynamically-Managed Code Resources. It occurs when the sandbox fails to properly isolate untrusted code that utilizes WebAssembly JSPI features. This flaw allows malicious code to break out of its container and execute arbitrary commands directly on the host system.

How does an attacker trigger this vulnerability?

An attacker must be able to run untrusted code within a Node.js application that uses vm2 with asynchronous support enabled. The bug is specifically triggered when JSPI-backed Promises interact with internal Promise rejection logic. The vulnerability is not triggered if your application does not use vm2, or if it does not execute untrusted code using async support.

Is my application at risk from this CVE?

According to Halo Surface Signal, vm2 is a developer-controlled library rather than an internet-facing gateway or appliance. Your risk depends entirely on your specific implementation: if your application processes untrusted user input using an older version of vm2, the potential for a sandbox escape exists, even though the library itself is not directly exposed to the internet.

How do I address this security issue?

The primary response is to update your vm2 dependency to version 3.11.4 or later, which contains the fix for this escape flaw. Start by auditing your codebase to locate where vm2 is implemented and identify the team responsible for managing that application, then proceed with updating the package and verifying the fix.
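As an added example (not code from the advisory or the vm2 project), the audit step described above as a small Node.js script: it reads a package-lock.json "packages" map, lists every installed copy of vm2 including nested ones, and flags any version below the 3.11.4 fix release stated above. The lockfile content is constructed for the example; FIXED_VERSION, auditVm2 and compareVersions are names chosen here.

```javascript
// Added example: audit npm lockfile data for vm2 copies below the fixed
// release 3.11.4 named in the advisory. Assumes the lockfileVersion 2/3
// "packages" layout and plain x.y.z version strings; no third-party modules.

const FIXED_VERSION = "3.11.4"; // first release the advisory says contains the fix

// Constructed sample of a package-lock.json (not a real project's lockfile).
const SAMPLE_LOCK = JSON.stringify({
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { vm2: "^3.9.0", "plugin-runner": "1.2.0" } },
    "node_modules/vm2": { version: "3.9.19", dependencies: { acorn: "^8.7.0" } },
    "node_modules/plugin-runner": { version: "1.2.0", dependencies: { vm2: "3.11.4" } },
    "node_modules/plugin-runner/node_modules/vm2": { version: "3.11.4" },
    "node_modules/acorn": { version: "8.12.1" },
  },
});

// Compare dotted numeric versions; returns <0, 0 or >0 like a sort comparator.
// Prerelease suffixes ("3.11.4-beta") are ignored after the numeric part.
function compareVersions(a, b) {
  const pa = a.split(".").map((s) => parseInt(s, 10) || 0);
  const pb = b.split(".").map((s) => parseInt(s, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return every installed vm2 entry (top-level or nested under another
// package) with its lockfile path, version and whether it predates the fix.
function auditVm2(lockJson) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/vm2" || path.endsWith("/node_modules/vm2")) {
      findings.push({ path, version: entry.version, vulnerable: compareVersions(entry.version, FIXED_VERSION) < 0 });
    }
  }
  return findings;
}

// Stand-alone run: one line per vm2 copy found in the sample lockfile.
for (const f of auditVm2(SAMPLE_LOCK)) {
  console.log(`${f.path} ${f.version} ${f.vulnerable ? "NEEDS UPGRADE" : "ok"}`);
}
```

Nested copies matter because a transitive dependency can pin its own older vm2 even after the top-level package is updated, so both entries must reach 3.11.4 or later.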
