Critical | Public exploit

Sandbox escape in vm2 via Buffer prototype/property lookup abuse

Identifiers: CVE-2026-47131, CWE-94

CVE-2026-47131 is a sandbox escape vulnerability in the vm2 Node.js sandbox library affecting versions prior to 3.11.4. The issue arises from abuse of prototype/property lookup behavior against native Buffer objects by combining Buffer.call.call({}.__lookupGetter__, Buffer, "__proto__"), Buffer.call.call({}.__lookupSetter__, Buffer, "__proto__"), and Node.js's ERR_INVALID_ARG_TYPE error path. This sequence allows attacker-controlled code running inside the vm2 sandbox to obtain the host environment's TypeError constructor. Access to the host constructor breaks the sandbox boundary and enables execution of arbitrary code outside the intended isolation context.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in complete sandbox escape from vm2 and arbitrary code execution in the host Node.js process context. An attacker can execute code outside the sandbox boundary and potentially access sensitive application data, local files, credentials, tokens, processes, and other resources available to the hosting application.

Mitigation

If you can’t patch tonight, do this now.

No effective configuration-based workaround is identified in the provided content when untrusted scripts are permitted to run inside vm2. If immediate upgrade is not possible, the only partial risk reduction is to stop executing untrusted JavaScript in affected vm2 deployments until the library can be updated.

Remediation

Patch, then assume compromise.

Upgrade vm2 to version 3.11.4 or later, which patches this issue. The provided content identifies 3.11.4 as the fixed release for CVE-2026-47131.
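
To confirm that no copy of vm2 older than the fixed 3.11.4 release remains after upgrading, including copies pulled in transitively, the parsed package-lock.json can be checked as below. This is an added example, not code from Mallory or the vm2 project; the function names and the sample lockfile (with the hypothetical packages report-runner and vm2-helper) are constructed for illustration.

```javascript
// Added example, not vendor code: flag vm2 copies older than the fixed 3.11.4.
const FIXED = [3, 11, 4];

// Parse "3.9.19" or "3.11.4-rc.1" into numeric parts plus a prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when older than 3.11.4. Compared numerically: as strings "3.9" > "3.11".
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // fail closed: git URLs or missing versions need review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre; // 3.11.4-rc.1 sorts before 3.11.4
}

// Cover both lockfile layouts: flat "packages" (v2/v3), nested "dependencies" (v1).
function findAffectedVm2(lock) {
  const hits = [];
  const check = (path, version) => {
    if (isAffected(version) && !hits.some((h) => h.path === path)) {
      hits.push({ path, version });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/vm2$/.test(path)) check(path, meta.version);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "vm2") check(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  packages: {
    "node_modules/vm2": { version: "3.11.4" },
    "node_modules/report-runner/node_modules/vm2": { version: "3.9.19" },
    "node_modules/vm2-helper": { version: "1.0.0" },
  },
};
console.log(findAffectedVm2(SAMPLE_LOCK));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json to findAffectedVm2; an empty array means every locked vm2 copy is at 3.11.4 or later.
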
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.


No public exploit code observed for this vulnerability.
