Thirteen Critical Vulnerabilities Discovered in vm2 JavaScript Sandbox Library

Last updated: 2026-05-09 09:10:31

Overview

Security researchers have uncovered thirteen critical security flaws in the widely used vm2 JavaScript sandbox library, raising alarms for developers who rely on this tool to run untrusted code in isolated environments. The vulnerabilities, if exploited, could allow an attacker to break out of the sandbox and execute arbitrary commands on the host system, posing severe risks to applications and infrastructure.

Thirteen Critical Vulnerabilities Discovered in vm2 JavaScript Sandbox Library
Source: www.infoworld.com

Patrik Simek, the maintainer of vm2, has issued advisories urging all users to update to the latest version, 3.11.2, which addresses these issues. The findings highlight the persistent challenges in maintaining secure sandboxing for JavaScript execution, especially as Node.js evolves.

What Is vm2 and Why It Matters

vm2 is an open-source virtual machine and sandbox designed to run untrusted code safely. It restricts access to Node.js built-in modules through a whitelist mechanism, allowing developers to execute user-supplied JavaScript without jeopardizing the host system. This makes it popular in environments where plugins, user scripts, or third-party code need to be executed, such as online code editors, automation tools, and platforms that support custom logic.

However, the discovered vulnerabilities demonstrate that even well-maintained sandboxes can have critical gaps.

The 13 Vulnerabilities: A Closer Look

All thirteen flaws are rated as critical, but two stand out due to their potential impact and the conditions required for exploitation. These have been assigned CVE identifiers and are fully detailed in the latest security advisories.

CVE-2026-26956: Full Sandbox Escape with Code Execution

The most severe vulnerability, CVE-2026-26956, grants a complete sandbox escape. An attacker who can inject code into the sandbox via VM.run() can obtain access to the host process object and execute arbitrary system commands. This exploit does not require any cooperation from the host environment beyond the presence of a vulnerable vm2 version.

Initial reports indicated that only Node.js 25.6.1 was affected, specifically where the runtime supports WebAssembly exception handling and the JSTag feature. The highest-risk scenario involves vm2 version 3.10.4 running on Node.js 25, with attacker-controlled JavaScript passed directly into VM.run().

According to Wenxin Jiang, a research engineer at Socket (the security firm that analyzed the flaw), "This is a narrow but high-impact vulnerability. It does not affect every deployment, but when conditions line up, the security boundary fails completely." Socket advises that teams using vm2 for any user-supplied code should patch immediately.

Important update: Shortly after publication, Socket revised its guidance. Further testing revealed that the vulnerability is actually broader than initially stated. It affects all versions of vm2 prior to 3.10.5 on any Node.js runtime that exposes WebAssembly.JSTag, including Node.js 24.x. This means dependency scanners may incorrectly mark vulnerable deployments as unaffected, increasing the urgency for manual verification.

CVE-2026-44007: Improper Access Control with Nesting Feature

The second critical flaw, CVE-2026-44007, stems from an improper access control mechanism. It allows sandbox escape and execution of arbitrary OS commands through a specific interaction between the nesting:true option and the legacy module resolver. This vulnerability was patched in vm2 version 3.11.1.

Socket researchers emphasize that this issue may affect a larger number of organizations because the nesting feature is commonly used. "For CSOs, both vulnerabilities deserve urgent attention, but the nesting issue may be the one more organizations need to audit for immediately," Jiang noted.

Recommendations for Developers and Security Teams

Given the severity and the evolving understanding of these flaws, immediate action is required:

  • Update vm2 to version 3.11.2 or later, which includes all critical patches.
  • Check your Node.js version – if you are on Node.js 24.x or 25.x, ensure vm2 is updated, and keep the Node runtime itself current with its security releases.
  • Audit sandbox usage – review what data and commands the sandboxed code can access. Even with patches, minimize the capabilities granted to untrusted scripts.
  • Monitor security advisories – Socket has issued a temporary patch for developers who cannot immediately upgrade. Keep an eye on the vm2 GitHub repository and official channels.
  • Run dependency scanners but verify results manually against the latest guidance from Socket or the vm2 maintainer.
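The manual verification called for above, and in the revised guidance on CVE-2026-26956, can be scripted. The following is an added example, not code from the article or from the vm2 project: it encodes the affected ranges the article states (vm2 before 3.10.5 on a runtime exposing WebAssembly.JSTag; nesting:true with vm2 before 3.11.1; 3.11.2 as the fully patched release) and checks whether the current process exposes WebAssembly.JSTag. The input fields vm2Version, nestingEnabled and jsTagExposed are assumed names supplied by the caller.

```javascript
// Added example (not from the article or the vm2 project): encodes the affected
// ranges the article states so a team can verify a deployment by hand instead of
// trusting a dependency scanner's version match alone.
// Assumed inputs: the installed vm2 version string, whether the sandbox is created
// with nesting:true, and whether the host runtime exposes WebAssembly.JSTag.
const FIXED_VERSION = '3.11.2'; // release the article says includes all patches

// Compare two dotted version strings numerically; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Whether this process exposes WebAssembly.JSTag, the runtime precondition the
// article gives for CVE-2026-26956. Safe to call on any Node.js version.
function runtimeExposesJSTag() {
  return typeof WebAssembly !== 'undefined' && typeof WebAssembly.JSTag !== 'undefined';
}

// Returns the CVE ids from the article that apply to the described deployment.
function assessVm2Deployment({ vm2Version, nestingEnabled, jsTagExposed }) {
  const findings = [];
  // CVE-2026-26956: every vm2 release before 3.10.5 on a JSTag-exposing runtime.
  if (jsTagExposed && compareVersions(vm2Version, '3.10.5') < 0) {
    findings.push('CVE-2026-26956');
  }
  // CVE-2026-44007: nesting:true combined with vm2 before 3.11.1.
  if (nestingEnabled && compareVersions(vm2Version, '3.11.1') < 0) {
    findings.push('CVE-2026-44007');
  }
  return findings;
}

// True when the installed version is older than the release with all patches.
function needsUpgrade(vm2Version) {
  return compareVersions(vm2Version, FIXED_VERSION) < 0;
}

// Constructed sample: the article's highest-risk case, vm2 3.10.4 with nesting enabled
// on a runtime that exposes JSTag.
const sample = { vm2Version: '3.10.4', nestingEnabled: true, jsTagExposed: runtimeExposesJSTag() };
console.log('findings:', assessVm2Deployment(sample));
console.log('upgrade needed:', needsUpgrade(sample.vm2Version), '| JSTag exposed here:', sample.jsTagExposed);
```

Run it with the vm2 version read from node_modules/vm2/package.json on each host that executes untrusted scripts, since the JSTag check is only meaningful on the runtime that actually runs the sandbox.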

Summary

The discovery of thirteen critical vulnerabilities in vm2 underscores the inherent difficulty of sandboxing JavaScript in production. While the two highlighted CVEs require specific conditions to exploit fully, the potential for a complete host takeover makes patching an urgent priority. Organizations using vm2 should treat this as a high-severity incident and apply updates without delay. As the threat landscape evolves, maintaining up-to-date versions and following best practices for code isolation remain the strongest defenses against sandbox escapes.