EXECUTIVE SUMMARY:
A series of vulnerabilities have been uncovered in the vm2 npm package. The issues span remote code execution via Promise species manipulation, host-object property injection through a faulty bridge set trap, cross-realm Symbol misuse that enables semantic-confusion attacks, and unintended exposure of process-wide observability builtins. Collectively they allow sandboxed code to break out of isolation, alter host behavior, read sensitive request and performance data, and execute arbitrary commands on the underlying system, posing severe operational, compliance, and reputational risks for enterprises that rely on vm2 for code sandboxing.
CVE-2026-47209 with a CVSS score of 8.6 – The bridge set trap ignores the receiver argument, causing property writes from sandbox-created prototype-inheriting objects to be applied directly to host objects, including dangerous Symbol-keyed properties; an attacker who can run code inside a vm2 sandbox can inject or overwrite host state.
CVE-2026-47135 with a CVSS score of 8.7 – Incomplete Symbol.for overrides and missing dangerous-symbol checks in bridge write traps let sandbox code obtain real cross-realm symbols and write them to host objects, enabling hijacking of util.promisify and stream APIs; exploitation requires sandbox execution with access to host references.
CVE-2026-47208 with a CVSS score of 10.0 – Manipulating the Promise species allows a crafted promise to surface raw host errors and invoke child_process, granting full remote code execution from within the vm2 sandbox; the attacker must supply JavaScript to the VM.
CVE-2026-47137 with a CVSS score of 10.0 – A bypass of a vm2 security fix allows attackers to exploit NodeVM instances configured with nesting: true by omitting the require option. The flawed validation logic permits the creation of unconstrained nested VMs capable of executing arbitrary operating system commands, leading to full host compromise.
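To make the bridge-trap issue behind CVE-2026-47209 concrete for reviewers, the following is an added illustration (not vm2's code) of a Proxy set trap that ignores its receiver argument, placed beside a trap that honours it and refuses Symbol keys. The `host` object is a constructed stand-in for a host-realm object reached through a bridge.

```javascript
// Added illustration of the set-trap receiver issue described above.
// `host` is a constructed placeholder for a host-realm object that a
// sandbox reaches through a bridge proxy; the code is not taken from vm2.

function makeNaiveBridge(host) {
  // Flawed pattern: the trap never looks at `receiver`, so a write made on
  // ANY object that inherits from the proxy is applied to the host object.
  return new Proxy(host, {
    set(target, key, value /* receiver ignored */) {
      target[key] = value;
      return true;
    },
  });
}

function makeHardenedBridge(host) {
  // Corrected pattern: Symbol-keyed writes are refused outright, and a write
  // whose receiver is not the proxy itself is defined on that receiver (the
  // sandbox-side object) instead of being forwarded to the host.
  const proxy = new Proxy(host, {
    set(target, key, value, receiver) {
      if (typeof key === 'symbol') return false;
      if (receiver !== proxy) {
        Object.defineProperty(receiver, key, {
          value, writable: true, enumerable: true, configurable: true,
        });
        return true;
      }
      target[key] = value;
      return true;
    },
  });
  return proxy;
}

// Assigns a property through an object that merely inherits from the bridge
// and reports whether the write landed on the host object.
function inheritedWriteReachesHost(makeBridge) {
  const host = {};
  const child = Object.create(makeBridge(host));
  child.injected = 'value';
  return Object.prototype.hasOwnProperty.call(host, 'injected');
}

// Attempts a Symbol-keyed write directly on the bridge; Reflect.set returns
// the trap's boolean instead of throwing, so the result is easy to inspect.
function symbolWriteReachesHost(makeBridge) {
  const host = {};
  const key = Symbol.for('probe'); // constructed key, no special meaning
  Reflect.set(makeBridge(host), key, 1);
  return Object.prototype.hasOwnProperty.call(host, key);
}
```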
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-c4cf-2hgv-2qv6
https://github.com/advisories/GHSA-m5q2-4fm3-vfqp