HarborGuard Database

CVE-2026-47210 (CRITICAL) · CNA: GitHub_M

CVE-2026-47210: vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI (WebAssembly.promising / WebAssembly.Suspending). In the tested configuration, a JSPI-backed Promise can reach Promise.prototype.finally() in a way that bypasses the expected Promise-species hardening and exposes a host-originated rejection object to attacker-controlled species logic, breaking the sandbox boundary. This issue has been patched in version 3.11.4.

Metrics

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: 3.11.4
Affected Products: 1


HarborGuard Analysis

Synopsis

This is a sandbox escape vulnerability in vm2, a widely used Node.js sandbox library. A remote attacker can send untrusted JavaScript that uses a JSPI-backed Promise (available when WebAssembly JSPI is exposed by the runtime) to bypass Promise-species hardening inside the vm2 sandbox, reaching attacker-controlled logic with a host-originated rejection object. Successful exploitation gives the attacker full code execution in the host Node.js process, enabling complete confidentiality, integrity, and availability impact. A patched-image rebuild at vm2 version 3.11.4 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection (status: Available)

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images and pipeline builds, including custom-built images that bundle vm2 as a direct or transitive dependency.

Triage (status: Available)

HarborGuard scores this finding at CVSS 9.8 (Critical) and can weight it further against each customer environment's compliance policy, then route the alert to the appropriate team inbox within that organization.

Patch (status: Pending upstream)

A patched-image rebuild at vm2 version 3.11.4 becomes available on HarborGuard as soon as the fix version is confirmed against the upstream registry. For customers who opt into auto-remediation, HarborGuard can trigger a rebuild, run regression tests, and open a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must be able to reach the service over the network to submit untrusted JavaScript for execution inside the vm2 sandbox.

  • Authentication: Not required

    No credentials or account are needed; the vulnerability is reachable by any unauthenticated caller who can submit code to the sandbox.

  • Victim interaction: Not required

    Exploitation is fully attacker-driven and requires no action from any user or operator on the target system.

  • Attack complexity: Low (AC:L)

    The exploit is reliable and condition-free once the runtime exposes WebAssembly JSPI; no race conditions or special memory layout are required.

Blast Radius

  • The attacker executes arbitrary code inside the host Node.js process, escaping all sandbox boundaries.
  • All data readable by the host process, including environment variables, secrets, and in-memory application state, is exposed to the attacker.
  • The attacker can write or overwrite files, modify application data, and tamper with any resource the host process has write access to.
  • The host process can be crashed or held in a tight loop, taking down the Node.js application entirely.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-47210 is active across all connected registries and CI pipelines, matching any image that carries vm2 below version 3.11.4. The finding is scored at CVSS 9.8 Critical and surfaced immediately to the team inboxes defined by each customer's routing policy. A rebuilt image at vm2 3.11.4 is available for affected environments; for customers who opt into auto-remediation, HarborGuard can issue a rebuild, execute the configured regression suite, and open a patch PR against affected workloads (median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes for environments with auto-remediation enabled). Because JSPI exposure depends on the Node.js runtime version and V8 flags in use, teams should also review their runtime configuration and disable WebAssembly JSPI via runtime flags as a compensating control if immediate patching is not possible.
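The two conditions the advisory ties together, an installed vm2 below 3.11.4 and a runtime that exposes WebAssembly JSPI, can be checked at service start-up. The following is an added defender-side example, not code from HarborGuard or the vm2 project: it walks a package-lock `packages` map for every vm2 copy (direct or transitive), compares each version numerically against the fix version, and tests whether `WebAssembly.promising` or `WebAssembly.Suspending` is present on the global object, which is the JSPI surface the advisory names. The lockfile fragment, the `legacy-runner` package, the helper names and the verdict strings are this example's own assumptions.

```javascript
// Added example for this CVE record; not HarborGuard's or vm2's code.
// Start-up preflight for a Node.js service that embeds vm2.

const FIXED_VERSION = '3.11.4'; // fix version stated in the advisory

// Parse "3.9.19", "v3.11.4" or "3.11.4-rc.1" into numeric [major, minor, patch];
// a pre-release tag is ignored for this comparison.
function parseSemver(version) {
  const core = String(version).replace(/^v/, '').split(/[-+]/)[0];
  const parts = core.split('.').map((p) => Number.parseInt(p, 10));
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new TypeError(`not a semver core version: ${version}`);
  }
  return parts;
}

// Numeric comparison, so 3.11.x sorts after 3.9.x (a string compare would not).
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isVm2Affected(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Every vm2 copy in a lockfile v2/v3 "packages" map, including nested
// (transitive) installs such as node_modules/some-lib/node_modules/vm2.
function findVm2Installs(lockfile) {
  const installs = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path === 'node_modules/vm2' || path.endsWith('/node_modules/vm2')) {
      installs.push({ path, version: entry.version, affected: isVm2Affected(entry.version) });
    }
  }
  return installs;
}

// The advisory names WebAssembly.promising / WebAssembly.Suspending as the JSPI
// surface; their presence on the global WebAssembly object is what we look for.
function runtimeExposesJspi(wasm = globalThis.WebAssembly) {
  return Boolean(wasm) &&
    (typeof wasm.promising === 'function' || typeof wasm.Suspending === 'function');
}

// Verdicts (assumed labels for this example):
//   'vulnerable'       an affected vm2 is installed AND JSPI is exposed
//   'upgrade-required' an affected vm2 is installed; JSPI hidden is only a compensating control
//   'not-affected'     no vm2 below 3.11.4 found
function assessExposure(lockfile, jspiExposed = runtimeExposesJspi()) {
  const installs = findVm2Installs(lockfile);
  const affected = installs.filter((i) => i.affected);
  let verdict = 'not-affected';
  if (affected.length > 0) verdict = jspiExposed ? 'vulnerable' : 'upgrade-required';
  return { verdict, jspiExposed, installs };
}

// Constructed sample lockfile fragment: a patched direct dependency plus an
// unpatched copy pulled in transitively by a hypothetical "legacy-runner" package.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.11.4' },
    'node_modules/legacy-runner': { version: '0.4.0' },
    'node_modules/legacy-runner/node_modules/vm2': { version: '3.9.19' },
  },
};

// Run against the sample lockfile and this runtime's actual JSPI state.
console.log(JSON.stringify(assessExposure(SAMPLE_LOCKFILE), null, 2));
```

A nested copy is reported on its own path, so a patched top-level vm2 does not mask an older one further down the tree; and because the verdict depends on the runtime the check is executed in, it should run inside the same Node.js build and flag set the service uses, not only in CI.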

Affected packages

  • patriksimek / vm2: < 3.11.4

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H