Full Report
A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system. The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0. "In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch
Analysis Summary
# Vulnerability: Critical Sandbox Escape in vm2 via Unsanitized Promise Handlers
## CVE Details
- CVE ID: CVE-2026-22709
- CVSS Score: 9.8/10.0 (Critical)
- CWE: (Not explicitly detailed in the provided text, but related to Improper Neutralization/Improper Input Validation in a sandbox context)
## Affected Systems
- Products: vm2 Node.js library
- Versions: Version 3.10.0 is the one explicitly named as vulnerable; all versions prior to the patched release are affected.
- Configurations: Any environment utilizing vm2 versions susceptible to the flaw for running untrusted code in a sandbox.
## Vulnerability Description
The vulnerability is a critical sandbox escape in the `vm2` Node.js library that allows an attacker to execute arbitrary code on the underlying operating system. The flaw stems from improper sanitization of Promise handlers, specifically `Promise.prototype.then` and `Promise.prototype.catch`. Async functions return `globalPromise` objects, and, unlike the `localPromise` handlers, their handlers were not sanitized correctly; this creates an escape vector that lets jailed code break out of the sandbox.
## Exploitation
- Status: Exploitation in the wild is not explicitly reported, and PoC availability is not explicitly stated. **Given the nature of the flaw and its public disclosure, a PoC is likely to emerge quickly, as is common for high-severity flaws.**
- Complexity: Given the technical nature of the bypass (defeating promise-object sanitization for async functions), **Medium to High** complexity is assumed for achieving the reliable code execution that a 9.8 CVSS flaw implies.
- Attack Vector: Likely **Network** if code execution is triggered remotely via input processed by the sandboxed environment, or **Local** if triggered by executing a file.
## Impact
- Confidentiality: **High** (Arbitrary code execution allows access to host system resources)
- Integrity: **High** (Arbitrary code execution allows modification/destruction of host system data)
- Availability: **High** (Arbitrary code execution allows denial of service on the host system)
## Remediation
### Patches
- **Recommended Update:** Update to **vm2 version 3.10.3** or later (3.10.2 was initially mentioned as the fix, but 3.10.3 is confirmed as the latest version containing fixes for this and other recent escapes).
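Because vm2 is frequently pulled in transitively, a patched top-level dependency does not guarantee that no older copy is installed further down the tree. The following is an added example (not code from the advisory or from the vm2 project) that walks an npm `package-lock.json`, handling both the lockfileVersion 2/3 `packages` map and the lockfileVersion 1 nested `dependencies` shape, and flags every `vm2` install older than the 3.10.3 release the advisory recommends. The sample lockfile at the bottom is constructed for the demonstration; the semver comparison is the example's own and treats a prerelease tag as older than the corresponding release.

```javascript
// Added example, not code from the advisory or the vm2 project: flag vm2
// installs in an npm lockfile that are older than the recommended fixed
// release (3.10.3 per the advisory). The sample lockfile is constructed.
const FIXED_VERSION = "3.10.3";

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" (optional leading "v").
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Comparator (<0, 0, >0). A prerelease sorts below the release it precedes,
// so "3.10.3-rc.1" still counts as older than "3.10.3".
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${pa ? b : a}`);
  for (const k of ["major", "minor", "patch"]) {
    if (pa[k] !== pb[k]) return pa[k] - pb[k];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// True when the installed vm2 version is below the fixed release.
function vm2NeedsUpdate(installedVersion) {
  return compareSemver(installedVersion, FIXED_VERSION) < 0;
}

// Walk a package-lock.json. lockfileVersion 2/3 lists every install, nested
// copies included ("node_modules/a/node_modules/vm2"), under "packages";
// lockfileVersion 1 nests them under "dependencies". Both shapes are handled.
function findOutdatedVm2(lockfileJson) {
  const lock = typeof lockfileJson === "string" ? JSON.parse(lockfileJson) : lockfileJson;
  const findings = [];
  const record = (path, version) => {
    if (version && vm2NeedsUpdate(version)) {
      findings.push({ path, version, fixed: FIXED_VERSION });
    }
  };
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/vm2" || path.endsWith("/node_modules/vm2")) {
      record(path, entry.version);
    }
  }
  const walkV1 = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "vm2") record(path, entry.version);
      walkV1(entry.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walkV1(lock.dependencies, "");
  return findings;
}

// Constructed sample: a direct vm2 3.10.0, a nested patched 3.10.3 under
// lib-a, and a nested 3.9.19 pulled in by lib-b.
const SAMPLE_LOCK = JSON.stringify({
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { vm2: "3.10.0", "lib-a": "1.0.0", "lib-b": "2.0.0" } },
    "node_modules/vm2": { version: "3.10.0" },
    "node_modules/lib-a": { version: "1.0.0", dependencies: { vm2: "3.10.3" } },
    "node_modules/lib-a/node_modules/vm2": { version: "3.10.3" },
    "node_modules/lib-b": { version: "2.0.0", dependencies: { vm2: "3.9.19" } },
    "node_modules/lib-b/node_modules/vm2": { version: "3.9.19" },
  },
});

for (const f of findOutdatedVm2(SAMPLE_LOCK)) {
  console.log(`${f.path}: vm2 ${f.version} is below fixed release ${f.fixed}`);
}
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with the file contents; the direct 3.10.0 and the nested 3.9.19 are reported, while the patched copy under `lib-a` is not. Note that a clean result only covers what the lockfile records: vendored or bundled copies of vm2 will not appear in it.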
### Workarounds
- The maintainers suggest considering more robust alternatives with stronger isolation guarantees, such as **`isolated-vm`**.
- The maintainer also recommends running components in **Docker with logical separation** between them as an added layer of defense on top of vm2.
- **Immediate Action:** Ensure all Promise handler sanitization (if custom sandboxing logic is implemented) is robust, though applying the official patch is preferred.
## Detection
- Detection methods are not explicitly stated, but monitoring for execution paths that manipulate `Promise` objects or resolve them unexpectedly within the sandboxed context could serve as an Indicator of Compromise (IOC).
- Look for unexpected outbound network connections or file system access originating from the process running the `vm2` sandbox.
## References
- Vendor Advisory (GHSA): hxxps://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8
- Research Context: hxxps://www.endorlabs.com/learn/cve-2026-22709-critical-sandbox-escape-in-vm2-enables-arbitrary-code-execution
- Release Note Example: hxxps://github.com/patriksimek/vm2/releases/tag/v3.10.3