{"id":16190,"date":"2026-05-08T00:16:16","date_gmt":"2026-05-08T00:16:16","guid":{"rendered":"https:\/\/newestek.com\/?p=16190"},"modified":"2026-05-08T00:16:16","modified_gmt":"2026-05-08T00:16:16","slug":"13-new-critical-holes-in-javascript-sandbox-allow-execution-of-arbitrary-code","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16190","title":{"rendered":"13 new critical holes in JavaScript sandbox allow execution of arbitrary code"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker\u2019s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the software to the latest version, which is currently 3.11.2.<\/p>\n<p>The warnings come in advisories from vm2 maintainer <a href=\"https:\/\/github.com\/patriksimek\" target=\"_blank\" rel=\"noreferrer noopener\">Patrik Simek<\/a>.<\/p>\n<p>vm2 is an open source vm\/sandbox that can run untrusted code with whitelisted Node.js\u2019s built-in modules.<\/p>\n<p>One of the more serious of the 13 vulnerabilities is <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-26956\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-26956<\/a>, a full sandbox escape with arbitrary code execution. 
Attacker code running inside\u00a0<em>VM.run()<\/em>\u00a0can obtain the host process object and run host commands with zero co-operation from the host.<\/p>\n<p>However, researchers at Socket told us in an email that <a href=\"https:\/\/github.com\/patriksimek\/vm2\/security\/advisories\/GHSA-ffh4-j6h5-pg66\" target=\"_blank\" rel=\"noreferrer noopener\">the advisory<\/a> about this escape says it has been confirmed only on Node.js 25.6.1, and requires a Node.js version with WebAssembly exception handling and\u00a0<em>JSTag<\/em>\u00a0support.<\/p>\n<p>The highest-risk scenario, they said, would be an application using\u00a0vm2 version 3.10.4 on Node 25, where attacker-controlled JavaScript is passed into\u00a0<em>VM.run()<\/em>.<\/p>\n<p>\u201cThis is a narrow but high-impact vulnerability,\u201d Socket research engineer <a href=\"https:\/\/wenxin-jiang.github.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wenxin Jiang<\/a> said in an email. \u201cIt does not appear to affect every vm2 deployment, because the advisory points to a specific vulnerable version and a specific Node 25\/WebAssembly combination. But when those conditions line up, the security boundary fails completely: code that was supposed to be confined to the sandbox can reach the host process and execute commands. That is why teams using vm2 for user-supplied JavaScript should patch quickly and review what the sandboxed process can access.\u201d<\/p>\n<p>Although it is not a vm2 maintainer, Socket said it is issuing a patch for developers who can\u2019t immediately upgrade to the latest, fixed version.<\/p>\n<p>Another serious hole is <a href=\"https:\/\/www.tenable.com\/cve\/CVE-2026-44007\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-44007<\/a>, an improper access control vulnerability in the vm2 Node.js library that allows sandbox escape and execution of arbitrary operating system commands on the underlying host. 
<a href=\"https:\/\/github.com\/advisories\/GHSA-8hg8-63c5-gwmx\" target=\"_blank\" rel=\"noreferrer noopener\">Its advisory says<\/a> that the vulnerability is in how the <em>nesting:true<\/em> option interacts with the legacy module resolver. This was patched in vm2 version 3.11.1.<\/p>\n<p>\u201cFor CSOs, both [vulnerabilities] deserve urgent attention,\u201d said Jiang, \u201cbut the second [the NodeVM nesting issue] may be the one more organizations need to audit for immediately.\u201d<\/p>\n<p>Both flaws, said Socket researchers, can turn sandboxed JavaScript into command execution on the host system. The difference is in how many environments are likely to be exposed. The Node 25\/WebAssembly issue appears narrower because it depends on a specific\u00a0vm2\u00a0version and a specific newer Node.js runtime behavior. The\u00a0NodeVM\u00a0nesting issue may be broader because it affects more versions and is triggered by a configuration pattern that some developers may have used intentionally.<\/p>\n<p>Jiang added that both advisories point to a broader lesson: JavaScript sandboxes are <a href=\"https:\/\/www.csoonline.com\/article\/4123782\/critical-bug-in-popular-vm2-node-js-sandboxing-library-puts-projects-at-risk.html\" target=\"_blank\">difficult to secure<\/a>, and small differences in runtime behavior or configuration can have major security consequences. \u201cThe first issue appears tied to a narrow Node 25\/WebAssembly path,\u201d he said. \u201cThis second issue is a configuration-driven escape involving\u00a0NodeVM\u00a0and\u00a0<em>nesting:true<\/em>.<\/p>\n<p>In both cases, the highest-risk users are organizations that run untrusted JavaScript and assume\u00a0vm2\u00a0is containing it. 
Those [application development] teams should patch immediately and add stronger isolation around sandboxed workloads.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"fragile-security-model\">\u2018Fragile security model\u2019<\/h2>\n<p>These sandbox escape vulnerabilities demonstrate why sandboxing untrusted code inside a trusted process is a fragile security model, <a href=\"https:\/\/www.linkedin.com\/in\/ar6s\/\" target=\"_blank\" rel=\"noreferrer noopener\">Adam Reynolds<\/a>, senior security researcher at Sonatype, said in an email. \u201cOnce untrusted code runs inside a process with access to credentials and secrets, the underlying filesystem, the network, or with deployment privileges, a sandbox bypass can easily lead to a full system compromise,\u201d he said.<\/p>\n<p>Simply having vm2 installed somewhere in the dependency tree is not enough to make some of these vulnerabilities exploitable, he added. For example, an attacker generally needs the ability to execute crafted JavaScript (and in the case of CVE-2026-26956, crafted WebAssembly) inside a vm2 sandbox controlled by the vulnerable application.\u00a0If the application never instantiates vm2, only uses it for trusted internal scripts, or does not allow attacker-controlled code execution at all, then there may be no realistic exploit path despite the presence of the dependency.<\/p>\n<p>If an organization is running any applications impacted by vm2, they should be upgraded immediately, he said. 
To mitigate risk until the upgrade is complete, users can avoid Node.js 25 runtimes, disable or block WebAssembly entirely inside untrusted sandboxes, and prevent user-controlled WASM compilation\/execution.<\/p>\n<p>\u201cSince future runtime updates could lead to similar issues, vm2 should be viewed as a convenience isolation layer as opposed to a hard security boundary,\u201d he added.<\/p>\n<p>In addition, <a href=\"https:\/\/www.linkedin.com\/in\/rob-enderle-03729\/\" target=\"_blank\" rel=\"noreferrer noopener\">Robert Enderle<\/a> of the Enderle Group said that IT leaders who are serious about security should stop relying on software-level sandboxing for untrusted code. Start looking at moving those processes into\u00a0hardened Docker containers\u00a0or\u00a0V8 Isolates, he advised.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker\u2019s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the software to the latest version, which is currently 3.11.2. The warnings come in advisories from vm2 maintainer Patrik Simek. 
vm2 is&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=16190\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16190","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16190"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16190\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}