CVE 10 CRITICAL

vm2: Sandbox Escape_CVE-2026-43997

May 13, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability is fixed in 3.11.0.

AI Analysis

Sandbox escape vulnerability in vm2 prior to 3.11.0, allowing attackers to obtain the host Object and potentially escape the sandbox.

Basic Information

ID CVE-2026-43997

Source GitHub_M

Published May 13, 2026 at 17:17

Affected Product

Vendor patriksimek

Product vm2

Version < 3.11.0

Affected Versions patriksimek vm2 < 3.11.0

CWE Classification

CWE-94

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor patriksimek

Product vm2

Version < 3.11.0

References

github.com /patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6

{
    "lastseen": "",
    "description": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability is fixed in 3.11.0.",
    "published": "2026-05-13T17:17:54.869Z",
    "modified": "2026-05-13T17:17:54.869Z",
    "type": "cve",
    "title": "vm2: Sandbox Escape",
    "source": "GitHub_M",
    "references": "https://github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6",
    "id": "CVE-2026-43997",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "patriksimek vm2 < 3.11.0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "vm2",
    "version": "< 3.11.0",
    "vendor": "patriksimek",
    "ai_description": "Sandbox escape vulnerability in vm2 prior to 3.11.0, allowing attackers to obtain the host Object and potentially escape the sandbox.",
    "ai_severity": "Critical",
    "ai_vendor": "patriksimek",
    "ai_product": "vm2",
    "ai_version": "< 3.11.0",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply