CVE 9.8 CRITICAL

vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass_CVE-2026-47210

June 12, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending). In the tested configuration, a JSPI-backed Promise can reach Promise.prototype.finally() in a way that bypasses the expected Promise-species hardening and exposes a host-originated rejection object to attacker-controlled species logic, breaking the sandbox boundary. This issue has been patched in version 3.11.4.

AI Analysis

Sandbox escape vulnerability in vm2 allowing arbitrary code execution in the host process

Basic Information

ID CVE-2026-47210

Source GitHub_M

Published Jun 12, 2026 at 14:17

Affected Product

Vendor patriksimek

Product vm2

Version < 3.11.4

Affected Versions patriksimek vm2 < 3.11.4

CWE Classification

CWE-913

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor patriksimek

Product vm2

Version < 3.11.4

References

{
    "lastseen": "",
    "description": "vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending). In the tested configuration, a JSPI-backed Promise can reach Promise.prototype.finally() in a way that bypasses the expected Promise-species hardening and exposes a host-originated rejection object to attacker-controlled species logic, breaking the sandbox boundary. This issue has been patched in version 3.11.4.",
    "published": "2026-06-12T14:17:22.653Z",
    "modified": "2026-06-12T14:17:22.653Z",
    "type": "cve",
    "title": "vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass",
    "source": "GitHub_M",
    "references": "https://github.com/patriksimek/vm2/security/advisories/GHSA-6j2x-vhqr-qr7q\nhttps://github.com/patriksimek/vm2/commit/6915fa4d9bcebd47b9a4f39a1adc1aa94ef6ffc6\nhttps://github.com/patriksimek/vm2/releases/tag/v3.11.4",
    "id": "CVE-2026-47210",
    "bulletinFamily": "",
    "cwe": [
        "CWE-913"
    ],
    "cvelist": null,
    "sourceData": "patriksimek vm2 < 3.11.4",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "vm2",
    "version": "< 3.11.4",
    "vendor": "patriksimek",
    "ai_description": "Sandbox escape vulnerability in vm2 allowing arbitrary code execution in the host process",
    "ai_severity": "Critical",
    "ai_vendor": "patriksimek",
    "ai_product": "vm2",
    "ai_version": "< 3.11.4",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply