CriticalPublic exploit

Sandbox Escape in vm2 async generator yield* handling

IdentifiersCVE-2026-45411CWE-668· Exposure of Resource to Wrong Sphere

CVE-2026-45411 is a sandbox escape vulnerability in vm2, the Node.js VM/sandbox library, affecting versions prior to 3.11.3. The issue arises from the interaction between vm2’s sandboxing model and V8/ECMAScript async generator semantics. Specifically, an attacker can use yield* inside an async generator and then close the generator via return(value). In the affected path, the supplied value is awaited; if it is a thenable whose then() throws synchronously, V8 handles that exception internally and passes it back to the yield* iterator as the next value. According to the provided analysis, this native handling occurs outside vm2’s JavaScript-level exception transformation and also bypasses vm2’s Promise.prototype.then-based rejection sanitization. As a result, untrusted code running inside vm2 can catch a host exception and leverage it to break out of the sandbox and execute arbitrary commands on the host.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows sandbox escape from vm2 and arbitrary command execution on the host system. Given the provided CVSS context, the impact is high across confidentiality, integrity, and availability: an attacker can execute code outside the intended sandbox boundary, access or modify host resources available to the Node.js process, and potentially disrupt service operation.

Mitigation

If you can’t patch tonight, do this now.

If immediate upgrade is not possible, avoid executing untrusted code in vm2 instances exposed to attacker-controlled input. Reduce blast radius by isolating the hosting Node.js process with OS-level controls such as containers, seccomp/AppArmor/SELinux, restricted service accounts, minimal filesystem and network permissions, and separate hosts for untrusted code execution. Monitor for sandbox escape attempts involving async generators, yield*, thenables, and anomalous child-process or command-execution behavior. These are compensating controls only; the definitive mitigation is upgrading to 3.11.3+.

Remediation

Patch, then assume compromise.

Upgrade vm2 to version 3.11.3 or later, which fixes this vulnerability. Replace all affected versions prior to 3.11.3 in environments that execute untrusted or semi-trusted JavaScript. Validate that deployed applications are actually using the patched vm2 version and redeploy any bundled or vendored copies.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Vm2 ProjectVm2application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

cvereportsNews

May 14, 2026

CVE-2026-45411: CVE-2026-45411: Remote Code Execution via Sandbox Escape in vm2 Async Generator Implementation | CVEReports

A vulnerability involving V8 async generator delegation and native Await/PerformPromiseThen behavior that can evade vm2 sandbox exception and promise rejection sanitization logic.

cvefeed high severityNews

May 13, 2026

CVE-2026-45411 - vm2: Sandbox Breakout Using Async Generator

A sandbox escape vulnerability in vm2 for Node.js that can allow arbitrary command execution on the host system via async generator and yield* exception handling behavior.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-45411

NVD

nvd.nist.gov/vuln/detail/CVE-2026-45411

MITRE CWE · CWE-668

Exposure of Resource to Wrong Sphere

Vendor Advisory

github.com/patriksimek/vm2/security/advisories/GHSA-248r-7h7q-cr24