Lucene search
+L

4 matches found

NVD
NVD
added 2026/06/12 3:16 p.m.15 views

CVE-2026-47208

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS0.0051EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:17 p.m.39 views

CVE-2026-47210 vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly.promising / WebAssembly.Suspending...

9.8CVSS0.00507EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:16 p.m.12 views

EUVD-2026-36447

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS5.7AI score0.0051EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:14 p.m.9 views

CVE-2026-47131 vm2: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, by combining Buffer.call.call.lookupGetter, Buffer, "proto", Buffer.call.call.lookupSetter, Buffer, "proto", and Node.js's ERRINVALIDARGTYPE Error, the host's TypeError constructor can be obtained, which allows the escape from...

10CVSS5.5AI score0.004EPSS
Exploits0References3
Rows per page
Query Builder