CyberHappenings

Critical sandbox escape flaw in vm2 NodeJS library

2 unique sources, 4 articles

Summary


A critical-severity vulnerability (CVE-2026-22709) in the vm2 Node.js sandbox library allows escaping the sandbox and executing arbitrary code on the host system. The flaw arises from improper sanitization of Promises and affects multiple versions. A second, separately tracked issue (CVE-2026-26956) exploits WebAssembly exception handling in Node.js 25 environments to bypass vm2's security defenses, and the discovery of a dozen additional critical vulnerabilities in vm2 (CVE-2026-24118, CVE-2026-24120, CVE-2026-24781, CVE-2026-26332, CVE-2026-43997, CVE-2026-43999, CVE-2026-44005, CVE-2026-44006, CVE-2026-44007, CVE-2026-44008, and CVE-2026-44009) further demonstrates the persistent difficulty of securely isolating untrusted JavaScript code. All of these vulnerabilities enable sandbox escape with arbitrary code execution and carry CVSS scores between 9.1 and 10.0. Users are advised to upgrade to vm2 version 3.11.2 (or later) to mitigate the risk; the maintainer acknowledges that future bypasses are likely and recommends considering alternatives like isolated-vm for stronger isolation.

Timeline

  1. 27.01.2026 18:35 4 articles · 3mo ago

    Critical sandbox escape flaw in vm2 NodeJS library discovered

    A critical-severity vulnerability (CVE-2026-22709) in the vm2 Node.js sandbox library allows escaping the sandbox and executing arbitrary code on the host system. The flaw arises from improper sanitization of Promises, enabling attackers to bypass sandbox restrictions. The vulnerability affects versions prior to 3.10.2 and has been partially addressed in subsequent updates. The vm2 library, widely used in SaaS platforms and open-source projects, was discontinued in 2023 due to repeated sandbox-escape vulnerabilities but was resurrected in 2025. The vulnerability is trivial to exploit, and users were advised to upgrade to what was then the latest version (3.10.3) to mitigate the risk. The vulnerability carries a CVSS score of 9.8 out of 10.0, highlighting its criticality. The maintainer has acknowledged that new bypasses will likely be discovered in the future, urging users to keep the library up to date and to consider alternatives like isolated-vm for stronger isolation guarantees.

    A further critical vulnerability (CVE-2026-26956) has since been disclosed, exploiting WebAssembly exception handling in Node.js 25 environments to bypass vm2's sandbox restrictions. Proof-of-concept exploit code is available, and the issue affects vm2 version 3.10.4, with earlier releases potentially also vulnerable. The flaw stems from erroneous handling of exceptions crossing between the sandboxed environment and the host: a TypeError triggered by Symbol-to-string conversion leaks a host-side error object into the sandbox, and the constructor chain of that leaked object can be abused to regain access to Node.js internals such as the process object, enabling arbitrary command execution. Users are recommended to upgrade to vm2 version 3.10.5 or later (the latest release is 3.11.2) to mitigate the risk.

    A dozen additional critical vulnerabilities were disclosed, including CVE-2026-24118, CVE-2026-24120, CVE-2026-24781, CVE-2026-26332, CVE-2026-43997, CVE-2026-43999, CVE-2026-44005, CVE-2026-44006, CVE-2026-44007, CVE-2026-44008, and CVE-2026-44009. All enable sandbox escape and arbitrary code execution on the host system, with CVSS scores ranging from 9.1 to 10.0. These vulnerabilities affect multiple prior versions and have been patched in vm2 3.10.5 through 3.11.2. The disclosure underscores the ongoing challenge of securely isolating untrusted code in JavaScript-based sandbox environments and reinforces the maintainer's advice to upgrade to the latest version and consider stronger alternatives like isolated-vm for robust isolation.
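    As an added, defender-side example (not code from this page or from the vm2 project), the following Node.js script audits an npm lockfile for vm2 copies, including nested ones, that are still below the 3.11.2 release recommended above, and maps each to the two advisories whose fix boundaries the timeline states (3.10.2 for CVE-2026-22709, 3.10.5 for CVE-2026-26956). The lockfile contents are constructed for the example.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3) for vm2 copies
// that predate the fixed releases named in the timeline above.
const FIXED = '3.11.2';              // latest fixed release named on the page
// Fix boundaries stated in the timeline; any version below fixedIn is exposed.
const ADVISORIES = [
  { id: 'CVE-2026-22709', fixedIn: '3.10.2' },
  { id: 'CVE-2026-26956', fixedIn: '3.10.5' },
];

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release suffixes are ignored here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric semver comparison: -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Walk the "packages" map and collect every vm2 entry, including copies nested
// under node_modules/<dep>/node_modules/vm2 that a direct upgrade does not touch.
function findVm2(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/vm2' || path.endsWith('/node_modules/vm2')) {
      out.push({ path, version: meta.version });
    }
  }
  return out;
}

// Report each copy: is it below 3.11.2, and which listed advisories still apply?
function auditLock(lock) {
  return findVm2(lock).map(({ path, version }) => ({
    path,
    version,
    outdated: compareVersions(version, FIXED) < 0,
    exposedTo: ADVISORIES
      .filter((a) => compareVersions(version, a.fixedIn) < 0)
      .map((a) => a.id),
  }));
}

// Constructed sample lockfile: one direct dependency and one older nested copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app' },
    'node_modules/vm2': { version: '3.10.4' },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.9.19' },
  },
};

console.log(JSON.stringify(auditLock(SAMPLE_LOCK), null, 2));
```

    Replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json'))` to run it against a real project; a clean result is an empty array or entries with `outdated: false`.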



Similar Happenings

Unsafe dynamic code generation in protobuf.js enables remote code execution via malicious schemas

A critical remote code execution vulnerability in protobuf.js, a widely adopted JavaScript implementation of Protocol Buffers used for inter-service communication and structured data handling, has been disclosed. The flaw arises from unsafe dynamic code generation, where the library executes JavaScript functions constructed from untrusted protobuf schemas using the Function() constructor without proper validation of schema-derived identifiers. Attackers can craft malicious schemas containing identifier names that inject arbitrary code, which is executed when the application processes the schema. Successful exploitation allows arbitrary command execution on servers, developer machines, or cloud environments running affected versions, leading to credential theft, database access, and potential lateral movement within infrastructure. The vulnerability impacts protobuf.js versions 8.0.0/7.5.4 and lower, with patches released in 8.0.1, 7.5.5, and subsequent npm updates.

Claude Mythos uncovers thousands of zero-days across major systems via Project Glasswing

Anthropic’s Claude Mythos Preview, under Project Glasswing, has autonomously discovered thousands of high-severity zero-day vulnerabilities across major operating systems, web browsers, and software libraries, including long-standing flaws such as a 27-year-old OpenBSD denial-of-service bug and a 16-year-old FFmpeg issue. The model’s agentic coding and reasoning capabilities enable it to autonomously craft complex exploits, such as a FreeBSD NFS server remote code execution chain and a multi-stage browser sandbox escape via JIT heap spray. Project Glasswing, a consortium involving AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic, provides $100 million in Mythos Preview usage credits and $4 million in donations to secure critical software. However, as of May 2026, 99% of vulnerabilities identified by Mythos Preview remain unpatched, and the model has now autonomously chained four zero-days to bypass both browser renderer and OS sandboxes, demonstrating the escalating dual-use risks of AI-driven cybersecurity tools. Industry experts warn that the lack of independent verification and the pace of exploit development necessitate rapid patching cycles and enhanced detection mechanisms to mitigate emerging threats.

Active exploitation of maximum-severity code injection flaw in Flowise AI agent builder (CVE-2025-59528, CVSS 10.0)

Threat actors are actively exploiting CVE-2025-59528, a maximum-severity (CVSS 10.0) code injection vulnerability in Flowise, an open-source AI agent builder platform. The flaw allows unauthenticated remote code execution via the CustomMCP node, which parses user-supplied mcpServerConfig strings without sanitization, enabling execution of arbitrary JavaScript code with full Node.js runtime privileges. Successful exploitation grants attackers access to dangerous modules (e.g., child_process, fs), leading to full system compromise, arbitrary command execution, file system access, and sensitive data exfiltration. VulnCheck’s Canary network has detected early-stage exploitation of the flaw, originating from a single Starlink IP address. Between 12,000 and 15,000 Flowise instances remain exposed online, creating a significant and opportunistic attack surface for mass scanning and exploitation attempts. The vendor addressed the issue in versions 3.0.6 and later; users are advised to upgrade to at least 3.0.6 or the current 3.1.1.

Critical Zero-Click RCE Vulnerability in FreeScout Helpdesk Platform

A critical zero-click remote code execution (RCE) vulnerability (CVE-2026-28289) in the FreeScout helpdesk platform allows attackers to hijack mail servers by sending a crafted email. The flaw bypasses a previous fix for another RCE issue (CVE-2026-27636) and enables unauthenticated command execution on the server. FreeScout versions up to 1.8.206 are affected, and immediate patching to version 1.8.207 is recommended. The vulnerability leverages a zero-width space (Unicode U+200B) to bypass security checks, allowing malicious file uploads and subsequent exploitation. Over 1,100 publicly exposed FreeScout instances are at risk, with potential impacts including full server compromise, data breaches, and lateral movement. Ox Security discovered a patch bypass that allowed reproduction of the same RCE on newly updated servers and escalated the attack chain to a zero-click RCE. The PHP-based Laravel framework, on which FreeScout is built, has over 83,000 GitHub stars and around 13,000 publicly exposed servers.

Critical Unauthenticated RCE Flaw in SmarterMail Patched

SmarterTools has addressed a critical unauthenticated remote code execution (RCE) flaw in its SmarterMail email software, tracked as CVE-2026-24423 with a CVSS score of 9.3. The vulnerability allows attackers to execute arbitrary OS commands by pointing SmarterMail at a malicious HTTP server. The flaw was discovered by researchers from watchTowr, CODE WHITE GmbH, and VulnCheck and was patched in Build 9511, released on January 15, 2026. CISA has added CVE-2026-24423 to its KEV catalog, marking it as actively exploited in ransomware campaigns, and has given federal agencies until February 26, 2026, to patch or stop using affected versions. Another critical flaw (CVE-2026-23760) and a medium-severity vulnerability (CVE-2026-25067) were also addressed in subsequent updates.