Massive JavaScript Sandbox Breach: 13 Critical Holes Let Attackers Run Code on Host
Breaking: vm2 Sandbox Compromised by 13 Critical Vulnerabilities
Thirteen critical security holes have been discovered in the vm2 JavaScript sandbox package, allowing an attacker's code to escape the protected environment and execute arbitrary commands on the host system. Developers using vm2 in their applications must update immediately to version 3.11.2.
The warnings, issued by vm2 maintainer Patrik Simek, highlight that the flaws can be exploited to bypass all sandbox restrictions.
Key Vulnerability: Full Sandbox Escape in Node.js 25
The most severe issue is CVE-2026-26956, a full sandbox escape that grants arbitrary code execution. An attacker's code running inside VM.run() can obtain the host process object and execute host commands without any cooperation from the host.
However, researchers at security firm Socket told us that this escape has only been confirmed on Node.js version 25.6.1, requiring WebAssembly exception handling and JSTag support. The highest-risk scenario is an application using vm2 version 3.10.4 on Node 25, where attacker-controlled JavaScript is passed into VM.run().
“This is a narrow but high-impact vulnerability,” said Wenxin Jiang, research engineer at Socket. “It does not appear to affect every vm2 deployment, because the advisory points to a specific vulnerable version and a specific Node 25/WebAssembly combination. But when those conditions line up, the security boundary fails completely: code that was supposed to be confined to the sandbox can reach the host process and execute commands. That is why teams using vm2 for user-supplied JavaScript should patch quickly and review what the sandboxed process can access.”
In an update issued shortly after the initial disclosure, Socket revised the scope, stating that the vulnerability affects all vm2 versions before 3.10.5 on Node.js runtimes that expose WebAssembly.JSTag, including Node.js 24.x. This means some dependency scanners may incorrectly mark vulnerable deployments as unaffected. Socket is providing a patch for developers who cannot immediately upgrade to the fixed version.
Second Critical Flaw: Improper Access Control in Nesting
Another serious hole, CVE-2026-44007, is an improper access control vulnerability that also enables sandbox escape and execution of arbitrary OS commands. The issue lies in how the nesting:true option interacts with the legacy module resolver. It was patched in vm2 version 3.11.1.
“For CSOs, both vulnerabilities deserve urgent attention,” Jiang added, “but the second one—the NodeVM nesting issue—may be the one more organizations need to audit for immediately.”
Both flaws allow attackers to break out of the sandbox and run untrusted code with the privileges of the host process, potentially leading to full system compromise.
Background
vm2 is an open-source virtual machine and sandbox that enables running untrusted JavaScript code with a whitelist of Node.js’s built-in modules. It is widely used in platforms that execute user-submitted scripts, such as coding playgrounds, collaborative editors, and automation tools.
The package has been maintained for years, but these 13 critical vulnerabilities—found by multiple researchers—expose fundamental design weaknesses. In addition to the two highlighted CVEs, ten other holes also allow sandbox escape or privilege escalation.
What This Means
For developers and security teams, these vulnerabilities represent a direct threat to any system that runs untrusted JavaScript inside vm2. An attacker who exploits CVE-2026-26956 or CVE-2026-44007 can gain full control of the host server, steal data, deploy malware, or pivot to other systems.
The narrow trigger conditions for CVE-2026-26956 may lead some to underestimate its risk, but the updated advisory shows the impact is broader than initially thought. Organizations using vm2 should prioritize patching, especially if they expose a VM.run() interface to user input. Security teams should also review sandbox configurations and limit the host resources accessible to sandboxed code.
Socket’s interim patch provides a safety net for those unable to upgrade, but the long-term solution is to migrate away from vm2 if possible, as maintaining a secure sandbox boundary is increasingly difficult.
This is a breaking news story. More details will be added as they become available.
Related Articles
- Orchestrating Harmony: A Step-by-Step Guide to Scaling Multiple AI Agents
- Unlocking the Power of AI-Assisted Programming: Key Insights and Frameworks
- How to Access and Compile the Earliest DOS Source Code Released by Microsoft
- Go Team Unveils Stack Allocation Breakthrough for Faster Slice Operations
- Streamline Your Go Codebase with the Revamped `go fix` Command
- How the Python Packaging Council Was Formed: A Step-by-Step Guide to Governance
- ESP32 Hack Creates Full 360-Degree Sonar; Code Surprisingly Simple
- Kubernetes 1.36 Ushers in Declarative Validation: A New Era for API Reliability