CVE-2026-43997— vm2: Sandbox Escape
Possible ATT&CK Techniques 1AI
T1610 · Deploy ContainerAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| patriksimek | vm2 | < 3.11.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-43997
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vm2: Sandbox Escape
Source: NVD (National Vulnerability Database)
Vulnerability Description
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability is fixed in 3.11.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
vm2 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
vm2是捷克Patrik Simek个人开发者的一个 Node.js 的高级虚拟机/沙盒。以使用列入白名单的 Node 内置模块运行不受信任的代码。 vm2 3.11.0之前版本存在代码注入漏洞,该漏洞源于可能获取宿主Object对象,允许通过多种方式利用宿主Object逃逸沙箱。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| patriksimek | vm2 | < 3.11.0 | - |
II. Public POCs for CVE-2026-43997
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-43997
请登录查看更多情报信息。
- https://github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-43997
Same Patch Batch · patriksimek · 2026-05-13 · 14 CVEs total
| CVE-2026-44005 | 10.0 CRITICAL | vm2: Sandbox escape |
| CVE-2026-44006 | 10.0 CRITICAL | vm2: Sandbox Escape |
| CVE-2026-43999 | 9.9 CRITICAL | vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox |
| CVE-2026-45411 | 9.8 CRITICAL | vm2: Sandbox Breakout Using Async Generator |
| CVE-2026-44009 | 9.8 CRITICAL | vm2: Sandbox Breakout Through Null Proto Exception |
| CVE-2026-44008 | 9.8 CRITICAL | vm2: Snabox breakout via `neutralizeArraySpeciesBatch` |
| CVE-2026-44007 | 9.1 CRITICAL | vm2: nesting: true bypasses require: false, allowing sandbox escape to arbitrary OS comman |
| CVE-2026-44001 | 8.6 HIGH | vm2: Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) |
| CVE-2026-43998 | 8.5 HIGH | vm2: NodeVM require.root bypass via symlink traversal allows sandbox escape |
| CVE-2026-44004 | 7.5 HIGH | vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass) |
| CVE-2026-44000 | 6.5 MEDIUM | vm2: sandbox boundary bypass via host Promise resolution preserving host object identity |
| CVE-2026-44002 | 5.8 MEDIUM | vm2: Host File Path Disclosure via Stack Trace Information Leak |
| CVE-2026-44003 | 5.3 MEDIUM | vm2: Transformer Fast-Path Bypass Exposes Internal State Variable |
IV. Related Vulnerabilities
Same product: vm2
Same vendor: patriksimek
Same weakness: CWE-94
- CVE-2021-47952
python jsonpickle 2.0.0 Remote Code Execution via py/repr - CVE-2021-47964
Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanag - CVE-2026-44717
MCP Calculate Server: Prompt Injection to RCE - CVE-2026-41258
OpenMRS: Stored Velocity SSTI to RCE via ConceptReferenceRan - CVE-2026-35194
Apache Flink: Remote code execution via SQL injection in cod
V. Comments for CVE-2026-43997
No comments yet