CriticalPublic exploit

Sandbox escape in vm2 via host Object exposure

IdentifiersCVE-2026-43997CWE-94· Improper Control of Generation of…

CVE-2026-43997 is a critical sandbox escape vulnerability in the vm2 Node.js sandbox library. In vm2 versions prior to 3.11.0, code running inside the sandbox can obtain a reference to the host Object. Once the host Object is exposed, the sandbox boundary can be bypassed. The provided context notes one exploitation path using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom), and also characterizes the issue as abusing util.inspect and prototype traversal to achieve escape. Successful exploitation allows attacker-controlled code executing inside vm2 to break out of the intended isolation model.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in escape from the vm2 sandbox into the host context. Because the attacker can obtain host-side objects, the vulnerability can lead to arbitrary code execution on the underlying host running Node.js. The supplied CVSS vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) indicates complete compromise potential across confidentiality, integrity, and availability, with changed scope beyond the sandbox boundary.

Mitigation

If you can’t patch tonight, do this now.

Until patching is completed, do not rely on vulnerable vm2 versions to isolate untrusted JavaScript. Reduce or eliminate exposure of services that accept attacker-controlled code for execution, and place such workloads inside stronger isolation boundaries such as containers or microVMs. Restrict host privileges available to the Node.js process, monitor for unexpected child process execution or host object access patterns, and treat vm2-only isolation as insufficient for high-risk multi-tenant or hostile-code scenarios.

Remediation

Patch, then assume compromise.

Upgrade vm2 to version 3.11.0 or later, as the vulnerability is fixed in 3.11.0. If feasible, move to the most recent maintained release rather than stopping at the minimum fixed version. Review any deployments that execute untrusted JavaScript with vm2 and assume sandbox isolation may have been bypassed on vulnerable versions.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Vm2 ProjectVm2application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app

cvefeed high severityNews

May 13, 2026

CVE-2026-43997 - vm2: Sandbox Escape

A sandbox escape vulnerability in vm2 for Node.js that allows obtaining the host Object and escaping the sandbox in versions prior to 3.11.0.

cyber security newsNews

May 7, 2026

Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks

A critical vm2 sandbox escape vulnerability involving util.inspect and prototype traversal.

the hacker newsNews

May 7, 2026

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A critical vm2 code injection vulnerability that allows obtaining the host Object, escaping the sandbox, and executing arbitrary code.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-43997

NVD

nvd.nist.gov/vuln/detail/CVE-2026-43997

MITRE CWE · CWE-94

Improper Control of Generation of Code ('Code…

Vendor Advisory

github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6