Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
CriticalPublic exploit

vm2 Promise species sandbox escape leading to host command execution

IdentifiersCVE-2026-24120CWE-94· Improper Control of Generation of…

CVE-2026-24120 is a critical sandbox escape vulnerability in the vm2 Node.js sandbox library. The issue affects vm2 versions prior to 3.10.5 and is described as an incomplete fix bypass for CVE-2023-37466. The prior mitigation attempted to sanitize Promise species handling via a resetPromiseSpecies mechanism, but that protection can be neutralized because attacker-controlled code running inside the sandbox can overwrite Object.defineProperty. After disabling the intended sanitization, an attacker can abuse the species property of Promise objects so that Promise chaining uses an attacker-controlled constructor. The published exploit path causes a host-realm TypeError during stack formatting and then uses the leaked host-side error object to traverse the constructor chain and recover the host Function constructor. From there, the attacker can access process and invoke child_process.execSync() to execute arbitrary operating system commands on the underlying host. In practical terms, untrusted JavaScript evaluated inside vm2 can break out of the sandbox boundary and achieve host-level code execution.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in complete escape from the vm2 sandbox and arbitrary command execution on the host system. Because the flaw is remotely exploitable in deployments that expose vm2-backed code execution to untrusted input, it can lead to full compromise of the hosting Node.js process and potentially the underlying server. The stated CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates high impact to confidentiality, integrity, and availability. An attacker can run OS commands, access sensitive host resources available to the Node.js process, modify data, install persistence, pivot further within the environment, or disrupt service.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, prevent untrusted or attacker-supplied JavaScript from being executed through vm2-backed services. Restrict network exposure of any code-evaluation endpoints, require strong authentication, and isolate workloads that must execute untrusted code using stronger process or VM boundaries rather than relying solely on in-process JavaScript sandboxing. The supporting content specifically notes that network-accessible code-execution services are at immediate risk and recommends considering stronger isolation technologies such as containers or microVM-style isolation for high-risk use cases. Monitoring for unexpected child_process usage and suspicious host command execution may help detect exploitation, but mitigation short of upgrade should be treated as temporary only.

Remediation

Patch, then assume compromise.

Upgrade vm2 to version 3.10.5 or later, as 3.10.5 is identified as the patch release for this vulnerability. Because the issue may be present through direct or transitive dependency use, audit dependency manifests and lockfiles such as package-lock.json or yarn.lock to identify vulnerable vm2 versions. Where feasible, move to the latest maintained vm2 release rather than stopping at the minimum fixed version, since later releases add additional hardening and address other sandbox escape issues. Validate that no deployed service continues to run vm2 versions prior to 3.10.5.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
Vm2 ProjectVm2application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

10 SOURCESView more in app
cyber security newsNews
May 7, 2026
Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks

A critical vm2 sandbox escape vulnerability that bypasses Promise species protections to execute commands on the host.

Read more
the hacker newsNews
May 7, 2026
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A critical vm2 patch-bypass vulnerability for CVE-2023-37466 that enables sandbox escape through the species property of promise objects and arbitrary command execution on the host.

Read more
cvefeed high severityNews
May 4, 2026
CVE-2026-24120 - vm2: Sandbox Breakout Through Promise Species

A sandbox escape vulnerability in vm2 for Node.js that allows attackers to bypass an insufficient prior fix and execute arbitrary commands on the host system.

Read more
zeropath blogNews
May 4, 2026
vm2 Sandbox Escape via Promise Species Manipulation: Quick Look at CVE-2026-24120 with PoC Analysis - ZeroPath Blog | ZeroPath

A critical sandbox escape vulnerability in the vm2 Node.js package that allows arbitrary command execution on the host system due to an incomplete fix for a prior Promise species sanitization issue.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity6

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-24120
NVD
nvd.nist.gov/vuln/detail/CVE-2026-24120
MITRE CWE · CWE-94
Improper Control of Generation of Code ('Code…
Vendor Advisory
github.com/patriksimek/vm2/security/advisories/GHSA-qvjj-29qf-hp7p
Release Notes
github.com/patriksimek/vm2/releases/tag/v3.10.5