A critical sandbox-escape vulnerability in the popular Node.js library vm2 can let untrusted code break out of the VM and reach the host environment, enabling arbitrary command execution. The issue is tracked as CVE-2026-26956 and is described as a full escape in vm2 3.10.4.[1][2]
The vm2 maintainer says the exploit path is confirmed on Node.js v25.6.1 and depends on Node 25 features for WebAssembly exception handling, including WebAssembly.JSTag. vm2 wraps exceptions at the JavaScript level so that host-realm objects do not reach sandboxed code; an exception routed through the WebAssembly exception-handling path is not covered by that wrapping, so a host-realm error object can leak into the sandbox. As with earlier vm2 escapes, one leaked host object is enough: attackers can walk from it back to Node internals, including process.[1]
Who’s at risk and what to do now

If you run untrusted JavaScript through vm2, for example in user scripting features, automation platforms, or CI/CD helpers, treat this as a patch-now item. Even though the known trigger is specific to Node 25, the safe operational move is to remove the vulnerable vm2 version from production rather than to rely on a Node version pin: a routine runtime upgrade that nobody correlates with this advisory can turn a dormant dependency into a live escape.
The maintainer’s recommended fix is upgrading vm2 to 3.10.5 or later, which includes a targeted mitigation to block the wasm-level exception-handling escape path.[1][3]
As a defensive sanity check, inventory where vm2 is used in your stack, including transitive copies pulled in by other packages, and which Node major each of those runtimes is on. If you offer “run user code” features, add isolation layers that do not depend on vm2 holding: a separate OS user, container or VM per tenant, a read-only filesystem, and strict egress controls. vm2 is a JavaScript-level boundary inside the same process as your host code, and its history of escapes shows it should be the innermost layer, never the only one.
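One way to do that inventory, as an added example that is not vm2’s or the advisory’s own code: a small Node script that walks a package-lock.json (lockfileVersion 2 or 3 layout), finds every direct and nested vm2 entry, and classifies each against the fixed release and the Node major named in the article. The fixed version (3.10.5) and the affected Node major (25) come from the article; the lockfile below is constructed for the demo, and the “patch-now” versus “exploitable” split is this example’s own triage label, not a classification from the advisory.

```javascript
// Added example: audit a package-lock.json for vm2 versions below the fixed
// release and flag runtimes on Node 25, the version the advisory names.
// Not vm2's or the advisory's code. FIXED_VM2 and AFFECTED_NODE_MAJOR are
// taken from the article; SAMPLE_LOCK is a constructed lockfile.

const FIXED_VM2 = "3.10.5";
const AFFECTED_NODE_MAJOR = 25;

// Parse "3.10.4", "v25.6.1" or "25.6.1-pre" into numeric [major, minor, patch].
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric compare, so 3.10.5 > 3.9.9 (a plain string compare gets this wrong).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Classify one (vm2, node) pair. Labels are this example's own triage scheme:
//   "fixed"       vm2 >= 3.10.5, nothing to do for this advisory
//   "patch-now"   vulnerable vm2 on a Node major the advisory does not name;
//                 still upgrade, the next runtime bump may make it live
//   "exploitable" vulnerable vm2 on Node 25, the confirmed escape path
function classify(vm2Version, nodeVersion) {
  if (compareVersions(vm2Version, FIXED_VM2) >= 0) return "fixed";
  const [nodeMajor] = parseVersion(nodeVersion);
  return nodeMajor === AFFECTED_NODE_MAJOR ? "exploitable" : "patch-now";
}

// Walk the lockfile "packages" map (lockfileVersion 2/3) and report every vm2
// entry, including nested copies under node_modules/<dep>/node_modules/vm2
// that `npm ls` users often forget about.
function auditLockfile(lockJson, nodeVersion) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/vm2" || path.endsWith("/node_modules/vm2")) {
      findings.push({
        path,
        version: entry.version,
        status: classify(entry.version, nodeVersion),
      });
    }
  }
  return findings;
}

// Constructed sample lockfile: a direct vm2 3.10.4 plus a nested copy that a
// dependency already bumped to the fixed release.
const SAMPLE_LOCK = JSON.stringify({
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { vm2: "3.10.4", "some-runner": "1.0.0" } },
    "node_modules/vm2": { version: "3.10.4" },
    "node_modules/some-runner": { version: "1.0.0" },
    "node_modules/some-runner/node_modules/vm2": { version: "3.10.5" },
  },
});

// Audit against the Node this script runs on; pass a version string such as
// "v25.6.1" instead of process.version to audit a different target runtime.
for (const f of auditLockfile(SAMPLE_LOCK, process.version)) {
  console.log(`${f.path}@${f.version}: ${f.status}`);
}
```

To use it on a real project, read the lockfile with fs.readFileSync and pass the target runtime’s version string explicitly, since the machine running the audit is often not the one executing user code. Treat every “patch-now” hit as a real finding: the label only records that the confirmed trigger is Node 25, not that other runtimes are safe.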
For more developer-side context on how quickly untrusted-code paths can become an incident, see our earlier write-up on poisoned packages used to steal CI secrets.
References
[1] GitHub Security Advisory GHSA-ffh4-j6h5-pg66: vm2 WASM Sandbox Escape, Node 25 only. Published May 1, 2026.
[2] OSV entry GHSA-ffh4-j6h5-pg66 / CVE-2026-26956. Published May 5, 2026.
[3] vm2 project. Release notes for v3.10.5.
[4] BleepingComputer. Critical vm2 sandbox bug lets attackers execute code on hosts. Published May 6, 2026.