A critical sandbox escape vulnerability has been disclosed in vm2, a widely used Node.js library that provides sandbox isolation for running untrusted code.
The issue, tracked as CVE-2026-22709 (GHSA-99p7-6v5w-7xg8), affects all releases up to and including 3.10.0 and carries a CVSS v3.1 base score of 10.0, the maximum severity rating.
The flaw stems from incomplete sanitization of callbacks attached to the Promise prototype.
The vm2 maintainers sanitize callbacks passed to localPromise.prototype.then, but the same sanitization is not applied to globalPromise.prototype.then.
Because async functions return global Promise objects rather than local ones, an attacker can bypass the sandbox boundary and gain code execution on the underlying host system.
VM2 Sandbox Vulnerability
The exploit relies on this inconsistency in callback sanitization across promise chains.
Researchers found that Promise.prototype.catch callbacks can be influenced by manipulating the error stack.
| CVE ID | Package | Affected Versions | CVSS Score | Vulnerability Type | Attack Vector |
|---|---|---|---|---|---|
| CVE-2026-22709 | vm2 (npm) | ≤ 3.10.0 | 10.0 | Sandbox Escape | Network |
By constructing an error object with a symbolic name and triggering an async function, an attacker reaches the Error constructor and, from there, the Function constructor, which permits arbitrary code execution.
The attack chain uses this path to build a Function object containing attacker-supplied payload code.
In proof-of-concept demonstrations, researchers executed system commands such as execSync() by reaching the child_process module, completely bypassing the sandbox isolation layer.
The vm2 maintainers released version 3.10.2 to fix the issue.
The update sanitizes Promise callbacks across both the local and global prototype chains, closing the sandbox escape path.
Organizations using vm2 should update to version 3.10.2 or later without delay.
The package's co-founder, Patrik Šimek, published a GitHub advisory two days ago, reflecting active maintenance and a prompt response to the report.
Development teams that depend on vm2 for code sandboxing should treat this as a top priority.
Audit development and production environments immediately to identify affected deployments.
Roll out version 3.10.2 through your package management pipeline without delay, and confirm that no production instances remain on vulnerable versions.
Until patching is complete, consider restricting vm2 execution contexts to trusted code only.
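The audit step above, as an added example that is not part of the original article or the vm2 project: a Node.js script that scans a package-lock.json (lockfileVersion 2/3 layout) for every vm2 install, including transitive copies, and flags any that is not yet on the 3.10.2 release the advisory names as fixed. The sample lockfile is constructed for the demonstration.

```javascript
// Added example (not vm2 project code): audit a package-lock.json for vm2
// installs that are not yet on 3.10.2, the release the advisory names as fixed.
const FIXED = '3.10.2';

// Compare dotted numeric versions; a pre-release suffix after '-' is ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Collect every vm2 install from the "packages" map (lockfileVersion 2/3),
// which is keyed by install path, so nested transitive copies are included.
function findVm2Installs(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === 'node_modules/vm2' || path.endsWith('/node_modules/vm2'))
    .map(([path, entry]) => ({ path, version: entry.version }));
}

// Flag each install whose version sorts below the fixed release.
function auditLockfile(lock) {
  return findVm2Installs(lock).map(({ path, version }) => ({
    path, version, needsUpgrade: compareVersions(version, FIXED) < 0,
  }));
}

// Constructed sample lockfile (lockfileVersion 3): a direct vm2 install on an
// affected release and a transitive copy already on the fixed release.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.9.19' },
    'node_modules/some-runner': { version: '2.0.0' },
    'node_modules/some-runner/node_modules/vm2': { version: '3.10.2' },
  },
};

for (const r of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${r.path}@${r.version}: ${r.needsUpgrade ? 'UPGRADE to >= 3.10.2' : 'ok'}`);
}
```

To run it against a real project, replace SAMPLE_LOCK with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')); lockfiles written by npm 6 or earlier (lockfileVersion 1) use a nested "dependencies" tree instead and are not covered by this scan.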