CVE 8.5 HIGH

vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape_CVE-2026-43998

May 13, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerability is fixed in 3.11.0.

AI Analysis

NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context.

Basic Information

ID CVE-2026-43998

Source GitHub_M

Published May 13, 2026 at 17:19

Affected Product

Vendor patriksimek

Product vm2

Version 3.10.5

Affected Versions patriksimek vm2 3.10.5

CWE Classification

CWE-59

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor patriksimek

Product vm2

Version 3.10.5

References

github.com /patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c

{
    "lastseen": "",
    "description": "vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerability is fixed in 3.11.0.",
    "published": "2026-05-13T17:19:44.406Z",
    "modified": "2026-05-13T17:19:44.406Z",
    "type": "cve",
    "title": "vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape",
    "source": "GitHub_M",
    "references": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c",
    "id": "CVE-2026-43998",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "patriksimek vm2 3.10.5",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "vm2",
    "version": "3.10.5",
    "vendor": "patriksimek",
    "ai_description": "NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context.",
    "ai_severity": "High",
    "ai_vendor": "patriksimek",
    "ai_product": "vm2",
    "ai_version": "3.10.5",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply