https://feed.craftedsignal.io/products/vm2--3.11.3/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 29 May 2026 17:52:09 +0000https://feed.craftedsignal.io/briefs/2026-05-vm2-rce-bypass/Fri, 29 May 2026 17:52:09 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-vm2-rce-bypass/The vm2 npm package has a remote code execution vulnerability due to a patch bypass for CVE-2023-37903; the vulnerability occurs because the check for `nesting: true` and `require: false` in `nodevm.js` uses strict equality, which can be bypassed by omitting the `require` option entirely, allowing an attacker to execute arbitrary OS commands.The vm2 npm package, a sandboxing solution for Node.js, is vulnerable to a remote code execution (RCE) bypass of the CVE-2023-37903 patch. This bypass occurs because the check implemented to prevent the combination of nesting: true and require: false uses strict equality (===). By simply omitting the require option when instantiating a NodeVM, the check is bypassed, as options.require becomes undefined, not false. This oversight allows an attacker to bypass the intended security restrictions and execute arbitrary code on the host system. This vulnerability affects vm2 versions 3.11.3 and earlier and poses a significant risk to applications relying on vm2 for sandboxing untrusted code.

Attack Chain

1. An attacker injects malicious JavaScript code into a NodeVM instance configured with nesting: true but without explicitly setting the require option.
2. The initial security check in nodevm.js at line 263 fails because options.require is undefined instead of false, thus bypassing the intended restriction.
3. The code inside the NodeVM then uses require('vm2') to gain access to the vm2 library itself.
4. The injected code constructs a new, nested NodeVM instance, this time explicitly enabling the child_process module via require: { builtin: ['child_process'] }.
5. The nested NodeVM instance is then used to execute arbitrary operating system commands using child_process.execSync().
6. The output of the command is converted to a string.
7. The string is returned as the result of the initial nvm.run() call, demonstrating successful command execution on the host.
8. The attacker achieves full remote code execution on the host system.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the host system. In a multi-tenant environment or any situation where vm2 is used to sandbox untrusted code, this can lead to complete system compromise. The attacker can gain access to sensitive data, install malware, or pivot to other systems on the network. The observed damage is full RCE.

Recommendation

• Upgrade to a patched version of vm2 that addresses this vulnerability.
• Apply the suggested fix to nodevm.js locally if an immediate upgrade is not possible: Change the check to if (options.nesting === true && !options.require) as documented in the advisory.
• Deploy the Sigma rules provided to detect attempts to exploit this vulnerability, focusing on process_creation events originating from within vm2 sandboxes.
• Monitor for unusual require() calls within vm2 sandboxes, especially those attempting to load the child_process module.

]]>criticaladvisoryvm2rcesandbox-escapeCVE-2026-47137https://feed.craftedsignal.io/briefs/2026-05-vm2-sandbox-escape/Fri, 29 May 2026 17:51:55 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-vm2-sandbox-escape/A sandbox escape vulnerability, CVE-2026-47210, in `vm2` allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI, bypassing Promise-species hardening and exposing a host-originated rejection object to attacker-controlled species logic.A critical sandbox escape vulnerability exists in vm2 (versions 3.11.3 and earlier) that allows for arbitrary code execution on the host system. This vulnerability, assigned CVE-2026-47210, occurs when vm2 is used with Node.js runtimes (specifically Node 26) that expose WebAssembly JSPI features (WebAssembly.promising / WebAssembly.Suspending). By exploiting the interaction between JSPI-backed Promises and the .finally() method, an attacker can bypass the intended sandbox protection and gain access to the host process. This bypass exposes a host-originated TypeError during JSPI processing which exposes a usable host constructor chain within attacker-controlled species logic. This can lead to full compromise of services relying on vm2 isolation.

Attack Chain

1. Attacker provides untrusted JavaScript code to the vm2 sandbox environment.
2. The JavaScript code leverages WebAssembly JSPI features, specifically WebAssembly.promising and WebAssembly.Suspending, to create JSPI-backed Promises.
3. The attacker manipulates the JSPI-backed Promise to reach the Promise.prototype.finally() method.
4. The finally() method is triggered, leading to execution of attacker-controlled species logic.
5. A host-originated TypeError is generated during JSPI processing due to the Promise rejection.
6. The rejection object from the TypeError exposes a host constructor chain to the attacker.
7. The attacker utilizes the host constructor chain to gain access to the host process object.
8. The attacker leverages the process object (e.g., process.mainModule.require('child_process').execSync) to execute arbitrary commands on the host system, escaping the sandbox.

Impact

This vulnerability allows for a complete sandbox escape, leading to arbitrary code execution in the host process. This poses a significant risk to applications relying on vm2 for security isolation. Successful exploitation can result in arbitrary command execution, unauthorized file access (read/write), theft of sensitive data (secrets, tokens, credentials), and full compromise of services utilizing vm2. This issue affects applications using vm2 to execute untrusted JavaScript, especially those running on Node.js 26.

Recommendation

• Upgrade vm2 to a version greater than 3.11.3 to patch CVE-2026-47210.
• Apply the following rules to detect potential exploitation attempts targeting vm2 sandboxes.
• Monitor process creation events for unexpected child processes spawned from Node.js processes, especially if they involve command execution (Rule: “Detect Suspicious Child Process from Node.js”).
• Monitor vm2 for suspicious activity related to WebAssembly and Promise handling (Rule: “Detect vm2 WebAssembly Promise .finally()”).

]]>criticaladvisorysandbox-escapercevm2https://feed.craftedsignal.io/briefs/2026-05-vm2-sandbox-breakout/Fri, 29 May 2026 17:41:49 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-vm2-sandbox-breakout/VM2 is vulnerable to a sandbox breakout vulnerability (CVE-2026-47208) that allows attackers to execute arbitrary commands on the host system by manipulating Promise species and escaping the sandbox context.A critical sandbox breakout vulnerability (CVE-2026-47208) has been identified in vm2 versions 3.11.3 and earlier. This flaw allows an attacker with the ability to execute arbitrary code within the vm2 sandbox to escape the sandbox and achieve arbitrary code execution on the host system. The vulnerability arises due to a missing resetPromiseSpecies call within the localPromise constructor when handling rejected promises, leading to the possibility of injecting a custom promise with a specially crafted reject method. This bypasses the intended security boundaries of the vm2 sandbox.

Attack Chain

1. Attacker gains initial code execution within the vm2 sandbox environment.
2. Attacker defines a custom FakePromise class with a getter for Symbol.species that returns a custom constructor ct.
3. Attacker defines a function doCatch that takes a function f as input and creates a new Promise using Promise.withResolvers().
4. The custom constructor ct is assigned to the Symbol.species of the FakePromise class within the doCatch function. The ct constructor defines how the promise will be resolved or rejected, intercepting errors.
5. The FakePromise constructor is called with a resolver function, allowing the custom reject method in ct to get called when a promise is rejected.
6. The attacker triggers an error within the sandbox (e.g., a RangeError by overflowing the stack). The custom reject method in ct intercepts the error, determines if it is a RangeError and not a standard Error object, and then executes host commands using child_process.execSync('touch pwned').
7. A file named pwned is created on the host system, demonstrating successful code execution outside the sandbox.
8. The attacker now has arbitrary code execution on the host system.

Impact

Successful exploitation of CVE-2026-47208 allows an attacker to bypass the vm2 sandbox and execute arbitrary code on the host system. This can lead to complete system compromise, data theft, or denial-of-service. The severity is critical due to the ease of exploitation and the potential for widespread impact on applications relying on vm2 for sandboxing untrusted code. The number of victims depends on the adoption of the vulnerable vm2 package.

Recommendation

• Upgrade to vm2 version 3.11.4 or later to patch CVE-2026-47208.
• Deploy the Sigma rule “Detect VM2 Sandbox Escape via Promise Species Manipulation” to detect exploitation attempts by monitoring for the execution of child_process.execSync within the vm2 sandbox.
• Review and restrict the use of vm2 in environments where untrusted code execution is a significant risk.

]]>criticaladvisoryvm2sandbox-escaperce