A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system.
The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit code has been published.
In the security advisory, the maintainer says that the issue only impacts environments with Node.js 25 (confirmed on Node.js 25.6.1) that have enabled WebAssembly exception handling and JSTag support.
vm2 is an open-source Node.js library used to run untrusted JavaScript code inside a restricted sandbox environment. It is commonly employed by online coding platforms, automation tools, and SaaS apps that execute user-supplied scripts.
The library attempts to isolate sandboxed code from the host system and block access to sensitive Node.js APIs like process and the filesystem.
vm2 is widely used, with more than 1.3 million weekly downloads on the npm (Node Package Manager), the default command-line package manager for Node.js.
CVE-2026-26956 stems from the library’s erroneous handling of exceptions crossing between the sandboxed environment and the host.
The advisory explains that vm2 normally relies on JavaScript-level protections that safeguard against host-based errors and bridge Proxies that wrap cross-context objects, both running entirely within JavaScript.
However, WebAssembly exception handling can intercept JavaScript errors at a lower level inside Google’s V8 engine, bypassing vm2’s JavaScript-based security defenses.
By triggering a specially crafted TypeError using Symbol-to-string conversion, attackers can cause a host-side error object to leak back into the sandbox without being sanitized by vm2.
Because the leaked object originates from the host environment, attackers can abuse its constructor chain to regain access to Node.js internals like the process object, ultimately allowing arbitrary command execution on the host system.
The maintainer’s security advisory also includes a PoC exploit that demonstrates remote code execution on the host machine.
Users of vm2 are recommended to upgrade to version 3.10.5 or later (latest is 3.11.2) as soon as possible to mitigate the risk of CVE-2026-26956 exploitation.
At the beginning of the year, vm2 was impacted by another critical sandbox escape flaw that could lead to arbitrary code execution on the underlying host system, tracked as CVE-2026-22709.
Earlier sandbox escape flaws impacting the same library include CVE-2023-30547, CVE-2023-29017, and CVE-2022-36067, reflecting the challenge of securely isolating untrusted code in JavaScript sandbox environments.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
