{
  "description": "Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.",
  "feed_url": "https://feed.craftedsignal.io/tags/cve-2026-47137/feed.json",
  "home_page_url": "https://feed.craftedsignal.io/",
  "items": [
    {
      "_cs_actors": [],
      "_cs_cpes": ["cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*"],
      "_cs_cves": [{"cvss": 9.8, "id": "CVE-2023-37903"}],
      "_cs_exploited": false,
      "_cs_has_poc": false,
      "_cs_poc_references": [],
      "_cs_products": ["vm2 (\u003c= 3.11.3)"],
      "_cs_severities": ["critical"],
      "_cs_tags": ["vm2", "rce", "sandbox-escape", "CVE-2026-47137"],
      "_cs_type": "advisory",
      "_cs_vendors": ["npm"],
      "content_html": "\u003cp\u003eThe vm2 npm package, a sandboxing solution for Node.js, is vulnerable to a remote code execution (RCE) bypass of the CVE-2023-37903 patch. That patch added a check intended to reject the combination of \u003ccode\u003enesting: true\u003c/code\u003e and \u003ccode\u003erequire: false\u003c/code\u003e, but the check compares \u003ccode\u003eoptions.require\u003c/code\u003e to \u003ccode\u003efalse\u003c/code\u003e with strict equality (\u003ccode\u003e===\u003c/code\u003e). A caller that simply omits the \u003ccode\u003erequire\u003c/code\u003e option when instantiating a \u003ccode\u003eNodeVM\u003c/code\u003e leaves \u003ccode\u003eoptions.require\u003c/code\u003e as \u003ccode\u003eundefined\u003c/code\u003e, which is not \u003ccode\u003e=== false\u003c/code\u003e, so the check never fires and the sandbox is created with nesting enabled. Code running inside that sandbox can then escape through a nested VM and execute arbitrary commands on the host. This vulnerability affects vm2 versions 3.11.3 and earlier and poses a significant risk to applications that rely on vm2 to sandbox untrusted code.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker supplies malicious JavaScript to a \u003ccode\u003eNodeVM\u003c/code\u003e instance configured with \u003ccode\u003enesting: true\u003c/code\u003e and no explicit \u003ccode\u003erequire\u003c/code\u003e option.\u003c/li\u003e\n\u003cli\u003eThe check in \u003ccode\u003enodevm.js\u003c/code\u003e at line 263 does not trigger, because \u003ccode\u003eoptions.require\u003c/code\u003e is \u003ccode\u003eundefined\u003c/code\u003e rather than \u003ccode\u003efalse\u003c/code\u003e, so the intended restriction is bypassed.\u003c/li\u003e\n\u003cli\u003eInside the \u003ccode\u003eNodeVM\u003c/code\u003e, the code calls \u003ccode\u003erequire('vm2')\u003c/code\u003e, which nesting makes available, and obtains the vm2 library itself.\u003c/li\u003e\n\u003cli\u003eThe code constructs a nested \u003ccode\u003eNodeVM\u003c/code\u003e with \u003ccode\u003erequire: { builtin: ['child_process'] }\u003c/code\u003e, explicitly enabling the \u003ccode\u003echild_process\u003c/code\u003e module.\u003c/li\u003e\n\u003cli\u003eIn the nested \u003ccode\u003eNodeVM\u003c/code\u003e, \u003ccode\u003echild_process.execSync()\u003c/code\u003e runs an arbitrary operating system command on the host.\u003c/li\u003e\n\u003cli\u003eThe command output, converted to a string, is returned as the result of the outer \u003ccode\u003envm.run()\u003c/code\u003e call, confirming command execution on the host: the attacker has full remote code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to execute arbitrary commands on the host system. In a multi-tenant environment, or anywhere vm2 is used to sandbox untrusted code, this can lead to complete system compromise: the attacker can read sensitive data, install malware, or pivot to other systems on the network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of vm2 that addresses this vulnerability.\u003c/li\u003e\n\u003cli\u003eIf an immediate upgrade is not possible, apply the fix suggested in the advisory to \u003ccode\u003enodevm.js\u003c/code\u003e locally: change the check to \u003ccode\u003eif (options.nesting === true \u0026amp;\u0026amp; !options.require)\u003c/code\u003e, so that an omitted or \u003ccode\u003enull\u003c/code\u003e \u003ccode\u003erequire\u003c/code\u003e option is rejected as well as an explicit \u003ccode\u003efalse\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAudit your own code for \u003ccode\u003eNodeVM\u003c/code\u003e instances created with \u003ccode\u003enesting: true\u003c/code\u003e; unless the sandboxed code genuinely needs to create nested VMs, do not enable nesting at all.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect exploitation attempts, focusing on \u003ccode\u003eprocess_creation\u003c/code\u003e events originating from within vm2 sandboxes.\u003c/li\u003e\n\u003cli\u003eMonitor for unusual \u003ccode\u003erequire()\u003c/code\u003e calls within vm2 sandboxes, especially those attempting to load the \u003ccode\u003echild_process\u003c/code\u003e module.\u003c/li\u003e\n\u003c/ul\u003e\n",
      "date_modified": "2026-05-29T17:52:09Z",
      "date_published": "2026-05-29T17:52:09Z",
      "id": "https://feed.craftedsignal.io/briefs/2026-05-vm2-rce-bypass/",
      "summary": "The vm2 npm package has a remote code execution vulnerability due to a patch bypass for CVE-2023-37903: the check for `nesting: true` combined with `require: false` in `nodevm.js` uses strict equality, so omitting the `require` option entirely bypasses it and lets an attacker execute arbitrary OS commands on the host.",
      "title": "vm2 CVE-2023-37903 Patch Bypass: Remote Code Execution",
      "url": "https://feed.craftedsignal.io/briefs/2026-05-vm2-rce-bypass/"
    }
  ],
  "language": "en",
  "title": "CraftedSignal Threat Feed — CVE-2026-47137",
  "version": "https://jsonfeed.org/version/1.1"
}
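The guard described in the brief above, reimplemented in isolation as an added example so that it runs without vm2 installed. This is not vm2's code and not the advisory's: `vulnerableGuard` mirrors the strict-equality check the brief describes, `patchedGuard` mirrors the suggested `!options.require` fix, and `strictGuard` is my own default-deny variant that goes one step further than the advisory. The option sets, function names and error messages are constructed for the example.

```javascript
'use strict';

// Guard as the brief describes the CVE-2023-37903 patch: only an explicit
// `require: false` trips it, so leaving `require` out slips through.
function vulnerableGuard(options) {
  if (options.nesting === true && options.require === false) {
    throw new Error('nesting: true cannot be combined with require: false');
  }
  return true; // options accepted
}

// Guard with the advisory's suggested fix: any falsy `require` (false,
// undefined, null, 0, '') is rejected when nesting is enabled.
function patchedGuard(options) {
  if (options.nesting === true && !options.require) {
    throw new Error('nesting: true requires an explicit require configuration');
  }
  return true;
}

// Stricter variant of my own (assumption, not from the advisory): default to
// deny. When nesting is on, `require` must be exactly `true` or a plain
// object; anything else, including truthy junk such as a string, is refused.
function strictGuard(options) {
  if (!options.nesting) return true; // nesting off: nothing to enforce here
  const r = options.require;
  const isPlainObject = typeof r === 'object' && r !== null && !Array.isArray(r);
  if (r !== true && !isPlainObject) {
    throw new Error('nesting: true requires require: true or a require config object');
  }
  return true;
}

// Constructed NodeVM option sets covering the cases that matter.
const OPTION_SETS = [
  { name: 'explicit-false',  options: { nesting: true, require: false } },
  { name: 'omitted',         options: { nesting: true } },                // the bypass
  { name: 'null',            options: { nesting: true, require: null } },
  { name: 'truthy-string',   options: { nesting: true, require: 'yes' } },
  { name: 'builtin-allowed', options: { nesting: true, require: { builtin: ['fs'] } } },
  { name: 'no-nesting',      options: { require: false } },
];

// true if the guard lets the options through, false if it throws.
function accepts(guard, options) {
  try { guard(options); return true; } catch (e) { return false; }
}

// One row per option set showing what each guard does with it.
function compareGuards(optionSets = OPTION_SETS) {
  return optionSets.map(({ name, options }) => ({
    name,
    vulnerableAccepts: accepts(vulnerableGuard, options),
    patchedAccepts: accepts(patchedGuard, options),
    strictAccepts: accepts(strictGuard, options),
  }));
}

// Names of option sets a guard accepts even though nesting is on and no
// usable require configuration was given: these are the bypasses.
function bypasses(guard, optionSets = OPTION_SETS) {
  return optionSets
    .filter(({ options }) => options.nesting === true && !options.require && accepts(guard, options))
    .map(({ name }) => name);
}

console.table(compareGuards());
```

The table makes the failure mode visible: the vulnerable guard waves through both the `omitted` and the `null` option sets, the patched guard closes both, and only the default-deny variant also refuses a `require` value that is truthy but meaningless. Enumerating the one bad value (`=== false`) is the pattern to avoid; enumerate the good values instead.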
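The recommendation to watch `process_creation` events originating from vm2 sandboxes, as an added detection example. These are not the feed's Sigma rules; the event field names loosely follow Sysmon-style naming and every event below is constructed. The one grounded fact it relies on is that `child_process.execSync(cmd)` runs `cmd` through `/bin/sh -c` on POSIX hosts, so the primitive to look for is a shell with `-c` whose parent is a node process, scoped to the processes that actually host sandboxes.

```javascript
'use strict';

// Constructed process_creation events (field names and values are made up).
const EVENTS = [
  { ts: 1, ParentImage: '/usr/bin/node', ParentCommandLine: 'node /srv/app/sandbox-worker.js',
    Image: '/bin/sh', CommandLine: '/bin/sh -c id', User: 'app' },
  { ts: 2, ParentImage: '/usr/bin/node', ParentCommandLine: 'node /srv/app/sandbox-worker.js',
    Image: '/usr/bin/node', CommandLine: 'node /srv/app/helper.js', User: 'app' },
  { ts: 3, ParentImage: '/bin/bash', ParentCommandLine: 'bash',
    Image: '/bin/sh', CommandLine: '/bin/sh -c ls', User: 'ops' },
  { ts: 4, ParentImage: '/usr/bin/node', ParentCommandLine: 'node /srv/app/build.js',
    Image: '/bin/sh', CommandLine: '/bin/sh -c "git rev-parse HEAD"', User: 'ci' },
  { ts: 5, ParentImage: '/usr/bin/node', ParentCommandLine: 'node /srv/app/sandbox-worker.js',
    Image: '/bin/sh', CommandLine: '/bin/sh -c "cat /etc/passwd"', User: 'app' },
];

const POSIX_SHELLS = new Set(['/bin/sh', '/bin/bash', '/bin/dash', '/usr/bin/sh', '/usr/bin/bash']);

// execSync() spawns `/bin/sh -c <cmd>` on POSIX (cmd.exe on Windows), so a
// shell with -c whose parent image is node is the signature of the last step
// in the attack chain.
function isNodeSpawnedShell(ev) {
  const parentIsNode = /(^|\/)node$/.test(ev.ParentImage || '');
  const childIsShell = POSIX_SHELLS.has(ev.Image);
  const hasDashC = /(^|\s)-c(\s|$)/.test(ev.CommandLine || '');
  return parentIsNode && childIsShell && hasDashC;
}

// A generic process_creation event cannot say "this came from inside a vm2
// sandbox", so scope by the processes known to host sandboxes (here: parent
// command line) and drop command lines the host itself legitimately runs.
function detectSandboxShells(events, { hostMatch, allowlist = [] }) {
  return events.filter(ev =>
    isNodeSpawnedShell(ev) &&
    hostMatch.test(ev.ParentCommandLine || '') &&
    !allowlist.some(rx => rx.test(ev.CommandLine)));
}

// Timestamps of the events that fire for the sandbox worker above.
function demo(allowlist = []) {
  return detectSandboxShells(EVENTS, {
    hostMatch: /sandbox-worker\.js/,
    allowlist,
  }).map(ev => ev.ts);
}

console.log('alerts:', demo());
```

Event 4 shows why the scoping matters: a build script shelling out from node has exactly the same parent/child shape as the exploit, and without the `hostMatch` filter it would be a false positive. Tune the allowlist only for command lines the sandbox host is known to run itself; anything the sandboxed tenant can influence should stay out of it.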