{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/vm2--3.10.3/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-24120"}],"_cs_exploited":false,"_cs_products":["vm2 (\u003c= 3.10.3)"],"_cs_severities":["critical"],"_cs_tags":["sandbox-escape","rce","javascript"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003eA critical vulnerability exists within the vm2 npm package, specifically in versions 3.10.3 and earlier. This vulnerability stems from an insufficient fix for a prior sandbox escape issue (GHSA-cchq-frgv-rjh5). Attackers can bypass the intended security measures by manipulating the \u003ccode\u003especies\u003c/code\u003e property of Promise objects. The flaw lies in the ability to overwrite native JavaScript functions like \u003ccode\u003e[].includes\u003c/code\u003e and \u003ccode\u003eObject.defineProperty\u003c/code\u003e, which are used in the \u003ccode\u003eresetPromiseSpecies\u003c/code\u003e function. By preventing the proper resetting of the Promise species, attackers can achieve arbitrary code execution on the host system, effectively breaking out of the vm2 sandbox. 
This vulnerability was reported in GHSA-qvjj-29qf-hp7p, published May 5, 2026.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker provides JavaScript code to be executed within the vm2 sandbox.\u003c/li\u003e\n\u003cli\u003eThe code redefines \u003ccode\u003eObject.defineProperty\u003c/code\u003e to prevent modification of the \u003ccode\u003especies\u003c/code\u003e property.\u003c/li\u003e\n\u003cli\u003eThe code defines an asynchronous function that returns an Error object with a Symbol as its name.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003econstructor\u003c/code\u003e of the Promise is overwritten with a custom class that defines a specific \u003ccode\u003eSymbol.species\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe custom \u003ccode\u003eSymbol.species\u003c/code\u003e utilizes an executor that calls the reject function.\u003c/li\u003e\n\u003cli\u003eThe reject function executes arbitrary code on the host system via \u003ccode\u003echild_process.execSync\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers the Promise\u0026rsquo;s \u003ccode\u003ethen()\u003c/code\u003e method.\u003c/li\u003e\n\u003cli\u003eThe host system executes arbitrary commands, such as creating a file named \u0026ldquo;pwned\u0026rdquo;.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to perform Remote Code Execution (RCE) on the host system. Given the nature of vm2 as a sandbox environment for running untrusted code, this vulnerability represents a significant security risk. 
If an attacker can run arbitrary code inside the context of a vm2 sandbox, they can leverage this vulnerability to compromise the underlying host system, potentially leading to data theft, system takeover, or other malicious activities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of the \u003ccode\u003evm2\u003c/code\u003e package that addresses CVE-2026-24120.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule detecting attempts to redefine \u003ccode\u003eObject.defineProperty\u003c/code\u003e within the vm2 environment to your SIEM.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected process creation events originating from the vm2 process using the provided Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T12:00:00Z","date_published":"2026-05-06T12:00:00Z","id":"/briefs/2026-05-vm2-sandbox-escape/","summary":"A vulnerability in vm2 versions 3.10.3 and earlier allows attackers to bypass a previous sandbox escape fix by manipulating Promise species, leading to arbitrary code execution on the host system.","title":"VM2 Sandbox Escape via Promise Species Manipulation","url":"https://feed.craftedsignal.io/briefs/2026-05-vm2-sandbox-escape/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-24781"}],"_cs_exploited":false,"_cs_products":["vm2 (\u003c= 3.10.3)"],"_cs_severities":["critical"],"_cs_tags":["sandbox-escape","rce","vm2"],"_cs_type":"advisory","_cs_vendors":["npm"],"content_html":"\u003cp\u003eA critical sandbox escape vulnerability has been identified in VM2, a popular JavaScript sandbox environment for Node.js. This vulnerability, assigned CVE-2026-24781, stems from the improper handling of proxies within the \u003ccode\u003einspect\u003c/code\u003e function. By exploiting this flaw, an attacker can bypass the VM2 sandbox and execute arbitrary code on the host system. 
The vulnerability affects VM2 versions 3.10.3 and earlier. It allows remote code execution on the assumption that arbitrary code can be executed inside the context of a VM2 sandbox. Defenders should update to the latest version and implement the provided detections.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker executes code within the VM2 sandbox, leveraging the \u003ccode\u003einspect\u003c/code\u003e function to log details of objects.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003einspect\u003c/code\u003e method unwraps proxies to access object details.\u003c/li\u003e\n\u003cli\u003eThe attacker uses \u003ccode\u003ethis.seen\u003c/code\u003e of the \u003ccode\u003estylize\u003c/code\u003e function to extract unwrapped values, gaining access to the internal proxy handler of VM2.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the sandbox object within the proxy handler. Access to the handler is wrapped by a VM2 proxy.\u003c/li\u003e\n\u003cli\u003eThe wrapped sandbox object is passed into the sandbox.\u003c/li\u003e\n\u003cli\u003eThe attacker writes a wrapped host object to the wrapped sandbox object.\u003c/li\u003e\n\u003cli\u003eThe attacker reads the raw host object from the raw sandbox object, bypassing the proxy bridge.\u003c/li\u003e\n\u003cli\u003eThe attacker utilizes the \u003ccode\u003echild_process\u003c/code\u003e module to execute arbitrary commands on the host system, such as creating a file named \u003ccode\u003epwned\u003c/code\u003e.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to perform Remote Code Execution (RCE) on the host system where the VM2 sandbox is running. This can lead to complete system compromise, data exfiltration, or denial of service. 
Given VM2\u0026rsquo;s usage in various applications for untrusted code execution, the impact could be widespread.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to the latest version of \u003ccode\u003evm2\u003c/code\u003e to patch CVE-2026-24781.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided below to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for suspicious commands executed by Node.js processes as highlighted in the attack chain.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T12:00:00Z","date_published":"2026-05-06T12:00:00Z","id":"/briefs/2026-05-vm2-sandbox-breakout/","summary":"A sandbox breakout vulnerability exists in VM2 through the `inspect` function, allowing attackers to escape the sandbox and execute arbitrary commands on the host system.","title":"VM2 Sandbox Breakout via Inspect Function Allows Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-05-vm2-sandbox-breakout/"}],"language":"en","title":"CraftedSignal Threat Feed — Vm2 (\u003c= 3.10.3)","version":"https://jsonfeed.org/version/1.1"}