Lucene search
K

7 matches found

CVE
CVE
added 2026/06/12 2:14 p.m.28 views

CVE-2026-47131

vm2 prior to 3.11.4 contains a sandbox escape: by using Buffer.call.call with {}.lookupGetter /lookupSetter and Node.js ERR_INVALID_ARG_TYPE, an attacker can obtain the host TypeError constructor and break out of the sandbox, enabling arbitrary code execution. The issue is fixed in vm2 v3.11.4. R...

10CVSS5.4AI score0.004EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/13 5:31 p.m.37 views

CVE-2026-44006 vm2: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes. This vulnerability is fixed in 3.11.0...

10CVSS0.00815EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/05/07 4:0 a.m.8 views

NPM: vm2 Access to Host Object Enables Sandbox Escape

NPM: vm2 Access to Host Object Enables Sandbox Escape vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

10CVSS6AI score0.00976EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/05 4:44 p.m.8 views

GHSA-FFH4-J6H5-PG66 VM2 Has a WASM Sandbox Escape

Summary Full sandbox escape with arbitrary code execution. Attacker code inside VM.run obtains host process object and runs host commands with zero host cooperation. Details Confirmed on: vm2 3.10.4, Node.js v25.6.1 x64 Linux Trigger: Attacker-controlled code passed to VM.run Requires: Node.js...

9.8CVSS6.2AI score0.00921EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/04 4:35 p.m.30 views

CVE-2026-26332 vm2: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0...

9.8CVSS0.0071EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/26 9:32 p.m.21 views

CVE-2026-22709 vm2 has a Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of...

9.8CVSS0.01222EPSS
Exploits1References3
OSV
OSV
added 2023/04/12 8:42 p.m.8 views

GHSA-XJ72-WVFV-8985 vm2 Sandbox Escape vulnerability

There exists a vulnerability in source code transformer exception sanitization logic of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. Impact A threat...

9.8CVSS7.8AI score0.03852EPSS
Exploits1References7
Rows per page
Query Builder