A critical vm2 sandbox bug allows attackers to execute code on hosts

A critical vulnerability in the vm2 Node.js sandboxing library allows escaping the sandbox and executing arbitrary code on the host system.
The security issue is tracked as CVE-2026-26956 and is confirmed to affect vm2 version 3.10.4, although earlier releases may be vulnerable. Proof-of-concept (PoC) code for the exploit has been published.
In a security advisory, the maintainer says that the problem only affects environments running Node.js 25 (verified on Node.js 25.6.1) that have WebAssembly exception handling and JSTag support enabled.
vm2 is an open source Node.js library used to run untrusted JavaScript code within a restricted sandbox environment. It is commonly used by online coding platforms, automation tools, and SaaS applications that execute user-provided scripts.
The library attempts to isolate sandboxed code from the host system and block access to sensitive Node.js APIs such as the process object and the file system.
vm2 is widely used, with over 1.3 million weekly downloads on npm (Node Package Manager), the default command-line package manager for Node.js.
CVE-2026-26956 stems from the library’s mishandling of exceptions that cross between the sandboxed environment and the host.
The advisory explains that vm2 generally relies on JavaScript-level protection against host-based errors and on bridge proxies that wrap cross-context objects, both of which operate entirely within JavaScript.
However, WebAssembly’s exception handling can catch low-level JavaScript errors inside Google’s V8 engine, bypassing vm2’s JavaScript-based protections.
By triggering a specially crafted TypeError using Symbol-to-string conversion, attackers can cause a host-side error object to leak back into the sandbox without being cleaned up by vm2.
Because the leaked object originates from the host environment, attackers can walk its constructor chain to reach Node.js internals such as the process object, ultimately allowing arbitrary command execution on the host system.
Security advisories include PoC implementations that demonstrate remote code execution on a host machine.
vm2 users are recommended to upgrade to version 3.10.5 or later (latest is 3.11.2) as soon as possible to reduce the risk of exploiting CVE-2026-26956.
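The following is an added audit helper, not code from the advisory or the vm2 project: it flags deployments that match the two conditions described above (a vm2 release older than 3.10.5 and a Node.js 25 runtime that exposes WebAssembly exception handling with the JS Tag). Assumptions: the JS Tag is exposed as `WebAssembly.JSTag`, and the function and verdict names are this example’s own.

```javascript
// Added example (not from the advisory or vm2): audit helper for CVE-2026-26956.
// Version numbers come from the article; helper names and verdict strings are ours.

const FIXED_VM2 = '3.10.5'; // first release the article lists as not affected

// Compare two dotted version strings numerically (no prerelease tags handled).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when the installed vm2 is older than the fixed release.
function vm2IsVulnerable(version) {
  return compareVersions(version, FIXED_VM2) < 0;
}

// Does the runtime expose the WebAssembly JS Tag used by Wasm exception handling?
// Assumption: a runtime with that support enabled exposes WebAssembly.JSTag.
function runtimeExposesJSTag(wasm = globalThis.WebAssembly) {
  return typeof wasm === 'object' && wasm !== null && 'JSTag' in wasm;
}

// Combine library version and runtime signals into a verdict for one deployment.
function assessRisk({ vm2Version, nodeMajor, jsTagExposed }) {
  const vulnerableLib = vm2IsVulnerable(vm2Version);
  const exposedRuntime = nodeMajor >= 25 && jsTagExposed;
  if (vulnerableLib && exposedRuntime) return 'exploitable';
  if (vulnerableLib) return 'upgrade-recommended';
  return 'not-affected';
}

// Assess the current process against a given installed vm2 version.
function auditLocalRuntime(vm2Version) {
  const nodeMajor = Number(process.versions.node.split('.')[0]);
  return assessRisk({ vm2Version, nodeMajor, jsTagExposed: runtimeExposesJSTag() });
}

console.log('vm2 3.10.4 on this runtime:', auditLocalRuntime('3.10.4'));
```

The version check alone decides whether an upgrade is needed; the runtime check only tells you whether the current host matches the configuration the advisory says is exploitable.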
Earlier this year, vm2 was affected by another critical sandbox escape bug that could lead to arbitrary code execution on the underlying host system, tracked as CVE-2026-22709.
Previous sandbox escape vulnerabilities affecting the same library include CVE-2023-30547, CVE-2023-29017, and CVE-2022-36067, which illustrate the challenge of safely isolating untrusted code in JavaScript sandbox environments.
