
vm2 Vulnerability Allows Attackers to Break Out of Node.js Sandboxes


A critical sandbox escape vulnerability has surfaced in the popular vm2 Node.js library. If attackers exploit the flaw successfully, they can execute arbitrary code on the underlying operating system.

As a result, the vulnerability—tracked as CVE-2026-22709—earns a CVSS score of 9.8 out of 10.0, placing it firmly in the critical severity range.

“In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed,” vm2 maintainer Patrik Simek said. “This allows attackers to escape the sandbox and run arbitrary code.”

vm2 serves as a Node.js library that runs untrusted code inside a supposedly secure sandboxed environment. To achieve this, it intercepts and proxies JavaScript objects, preventing sandboxed code from interacting directly with the host environment.

Root Cause: Promise Handler Sanitization Flaw

However, the newly discovered flaw originates from vm2’s improper sanitization of Promise handlers. Consequently, attackers can exploit this weakness as an escape vector, which ultimately enables arbitrary code execution outside the sandbox’s boundaries.

“The critical insight is that async functions in JavaScript return globalPromise objects, not localPromise objects. Since globalPromise.prototype.then and globalPromise.prototype.catch are not properly sanitized (unlike localPromise),” Endor Labs researchers Peyton Kennedy and Cris Staicu said.

Although vm2 version 3.10.2 resolves CVE-2026-22709, the issue represents yet another sandbox escape in a long-running pattern. Over recent years, the library has suffered from multiple similar vulnerabilities, including CVE-2022-36067, CVE-2023-29017, CVE-2023-29199, CVE-2023-30547, CVE-2023-32314, CVE-2023-37466, and CVE-2023-37903.

Notably, the discovery of CVE-2023-37903 in July 2023 prompted Simek to announce the project’s discontinuation. Since then, however, the maintainers have removed those references from the latest README file on GitHub. In addition, the Security page—updated in October 2025—now states that vm2 3.x versions remain actively maintained.

Maintainer Warnings and Alternative Recommendations

Despite these updates, vm2’s maintainer has acknowledged that future bypasses remain likely. Therefore, the maintainer urges users to keep the library fully up to date and to evaluate more robust alternatives, such as isolated-vm, for stronger isolation guarantees.

“Instead of relying on the problematic vm model, the successor to vm2, isolated-vm relies on V8’s native Isolate interface, which offers a more solid foundation, but even then, the maintainers of vm2 stress the importance of isolation and actually recommend Docker with logical separation between components,” Semgrep said.

Given the flaw’s critical severity, users should update immediately to the latest available version, vm2 3.10.3, which also includes fixes for additional sandbox escape vulnerabilities.
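A practical first step for defenders is to find every copy of vm2 in a dependency tree, including copies nested under other packages, and flag any that sit below the fixed release the article names. The script below is an added example written for this page, not code from TheHackerNews, Endor Labs, or the vm2 project; the lockfile content is constructed for the demo, and the fixed-version threshold of 3.10.3 is taken from the article (adjust it for your own advisories).

```javascript
// Added example (not from the article or the vm2 project): audit an npm
// package-lock.json (lockfileVersion 2 or 3) for vm2 copies older than the
// fixed release. Threshold taken from the article; treat as an assumption.
const FIXED_VERSION = "3.10.3";

// Constructed sample lockfile: one direct vm2 and two nested copies.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { vm2: "^3.9.0" } },
    "node_modules/vm2": { version: "3.9.19" },
    "node_modules/some-plugin": { version: "1.2.0" },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.10.3" },
    "node_modules/another-lib/node_modules/vm2": { version: "3.10.1" },
  },
});

// Compare dotted numeric versions: 1 if a > b, -1 if a < b, 0 if equal.
// Pre-release suffixes are stripped; sufficient for the x.y.z releases here.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x > y ? 1 : -1;
  }
  return 0;
}

// Walk every installed path in the lockfile's "packages" map and collect the
// vm2 entries whose version is below the fixed release. Nested copies live at
// paths such as node_modules/<parent>/node_modules/vm2, so match on the suffix.
function findVulnerableVm2(lockfileJson, fixed = FIXED_VERSION) {
  const lock = JSON.parse(lockfileJson);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/vm2") || !entry.version) continue;
    if (compareVersions(entry.version, fixed) < 0) {
      findings.push({ path, version: entry.version });
    }
  }
  return findings;
}

// Usage: run against the constructed sample and report each stale copy.
for (const f of findVulnerableVm2(SAMPLE_LOCKFILE)) {
  console.log(`${f.path}: vm2@${f.version} is below ${FIXED_VERSION}`);
}
```

To run it against a real project, replace `SAMPLE_LOCKFILE` with `fs.readFileSync("package-lock.json", "utf8")`. The script only reads the `packages` map used by lockfileVersion 2 and 3; older lockfileVersion 1 files nest a `dependencies` tree instead and would need a recursive walk. Because the match is on the path suffix, a fixed top-level vm2 does not hide an older copy pinned by a transitive dependency.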

Source: TheHackerNews
