Critical sandbox escape flaw in vm2 NodeJS library

2 unique sources, 2 articles

Summary

A critical-severity vulnerability (CVE-2026-22709, CVSS 9.8 out of 10.0) in the vm2 Node.js sandbox library allows code running inside the sandbox to escape it and execute arbitrary code on the host system. The flaw stems from improper sanitization of Promises, which lets an attacker bypass the sandbox restrictions, and it is trivial to exploit. Versions prior to 3.10.2 are affected; subsequent updates have only partially addressed the flaw, and users are advised to upgrade to the latest release (3.10.3) to mitigate the risk. vm2, widely used in SaaS platforms and open-source projects, was discontinued in 2023 after repeated sandbox-escape vulnerabilities and resurrected in 2025. The maintainer has acknowledged that new bypasses will likely be found, urging users to keep the library up to date and to consider alternatives such as isolated-vm for stronger isolation guarantees.
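The practical first step for anyone depending on vm2, directly or through a plugin, is to find every installed copy and compare it against the release the advisory names. The following is an added example, not code from the CyberHappenings page or from the vm2 project: it walks a parsed npm package-lock.json (both the lockfileVersion 2/3 "packages" map and the legacy nested "dependencies" tree), reports each vm2 it finds, and flags versions below 3.10.3 using a small hand-written semver comparison so the check itself pulls in no dependencies. The sample lockfiles are constructed for illustration.

```javascript
// Added example (not from the CyberHappenings page or the vm2 project): scan a
// parsed npm package-lock.json for installed copies of vm2 below the release the
// advisory says to upgrade to, using a small hand-written semver comparison so
// the check has no dependencies of its own.

const FIXED_VM2 = "3.10.3"; // release the advisory names as the one to move to

// Parse "v?MAJOR.MINOR.PATCH[-prerelease]" into comparable parts; build metadata
// after "+" is ignored, as semver precedence rules require.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Negative if a < b, zero if equal, positive if a > b. A prerelease sorts below
// the release it precedes (3.10.3-beta.1 < 3.10.3), so a prerelease of the fix
// is still reported as vulnerable.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] - pb.nums[i];
  }
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

function isVulnerableVm2(version) {
  return compareVersions(version, FIXED_VM2) < 0;
}

// Walk a parsed lockfile and return one finding per installed vm2, including
// nested copies pulled in by other dependencies. lockfileVersion 2 and 3 list
// every package under "packages" keyed by its node_modules path; version 1 only
// has the nested "dependencies" tree, which is walked recursively instead.
function findVm2(lock) {
  const findings = [];
  const record = (path, version) =>
    findings.push({ path, version, vulnerable: isVulnerableVm2(version) });

  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "node_modules/vm2" || path.endsWith("/node_modules/vm2")) {
        record(path, meta.version);
      }
    }
    return findings;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "vm2") record(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return findings;
}

// Convenience wrapper for raw lockfile text, e.g. the contents of package-lock.json.
function scanLockfileText(jsonText) {
  return findVm2(JSON.parse(jsonText));
}

// Constructed sample lockfiles (not real project data): a v3 lockfile with a
// direct vm2 and a nested, already-fixed vm2, and a v1 lockfile with a nested vm2.
const SAMPLE_LOCK_V3 = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.9.19" },
    "node_modules/some-plugin": { version: "2.1.0" },
    "node_modules/some-plugin/node_modules/vm2": { version: "3.10.3" },
  },
};
const SAMPLE_LOCK_V1 = {
  name: "legacy-app",
  lockfileVersion: 1,
  dependencies: {
    "some-plugin": { version: "2.1.0", dependencies: { vm2: { version: "3.10.2" } } },
  },
};

for (const f of [...findVm2(SAMPLE_LOCK_V3), ...findVm2(SAMPLE_LOCK_V1)]) {
  console.log(`${f.path}@${f.version}: ${f.vulnerable ? "VULNERABLE, upgrade to " + FIXED_VM2 : "ok"}`);
}
```

To run it against a real project, pass the text of its package-lock.json to scanLockfileText. Nested copies matter here: a plugin that vendors its own vm2 keeps the vulnerable code even after the top-level dependency is updated, which is why the scanner matches any path ending in node_modules/vm2 rather than only the top-level entry.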

Timeline

  1. 27.01.2026 18:35 2 articles · 1d ago

    Critical sandbox escape flaw in vm2 NodeJS library discovered


Similar Happenings

Critical Grist-Core Vulnerability Enables RCE via Spreadsheet Formulas

A critical vulnerability in Grist-Core, an open-source relational spreadsheet-database, allows remote code execution (RCE) through malicious spreadsheet formulas. The flaw, codenamed Cellbreak (CVE-2026-24002, CVSS score: 9.1), enables attackers to execute OS commands or host-runtime JavaScript, collapsing the boundary between cell logic and host execution. The issue stems from a sandbox escape in the Pyodide sandboxing method, which is used for Python formula execution. Grist has released version 1.7.9 to address the vulnerability, and users are advised to update immediately. The vulnerability was uncovered by Cyera Research Labs and affects both managed SaaS and self-hosted environments, increasing the impact of the flaw. Grist adoption includes government, higher-education organizations, and commercial teams in marketing and game design.

CVE-2026-1245: Privilege-Level Code Execution in binary-parser npm Library

A critical vulnerability (CVE-2026-1245) in the binary-parser npm library allows arbitrary JavaScript code execution due to insufficient sanitization of user-supplied values. The flaw affects all versions prior to 2.3.0 and could lead to privilege-level code execution in Node.js processes. The issue was patched on November 26, 2025, and users are advised to upgrade immediately.

Critical Node.js async_hooks Stack Overflow Vulnerability

Node.js has released updates to address a critical vulnerability (CVE-2025-59466) that can cause server crashes via stack overflow in applications using async_hooks. The flaw allows denial-of-service (DoS) attacks when recursion in user code exhausts stack space, affecting multiple frameworks and APM tools. The issue impacts Node.js versions from 8.x to 18.x, though only LTS and current versions have received patches.

Multiple Critical n8n Workflow Automation Vulnerabilities (CVE-2025-68613, CVE-2025-68668, CVE-2026-21877, CVE-2026-21858)

Multiple critical vulnerabilities have been disclosed in the n8n workflow automation platform. The most recent, CVE-2026-1470 (CVSS 9.9) and CVE-2026-0863 (CVSS 8.5), were discovered by researchers at the DevSecOps company JFrog and allow authenticated users to bypass n8n's sandbox mechanisms and achieve remote code execution. CVE-2026-1470 is an AST sandbox escape caused by improper handling of the JavaScript with statement, allowing arbitrary JavaScript execution and full RCE on the main n8n node; it was fixed in versions 1.123.17, 2.4.5 and 2.5.1. CVE-2026-0863 is a Python AST sandbox escape that combines format-string-based object introspection with the Python 3.10+ AttributeError.obj behaviour to regain access to restricted builtins and imports, allowing OS command execution and full RCE when Python runs as a subprocess on the main n8n node; it was fixed in versions 1.123.14, 2.3.5 and 2.4.2. Both illustrate the difficulty of safely sandboxing dynamic, high-level languages such as JavaScript and Python. Users are recommended to upgrade to the latest versions as soon as possible.

Three further critical vulnerabilities (CVE-2025-68613, CVE-2025-68668 and CVE-2026-21877) affect various n8n versions. Over 103,000 instances are potentially vulnerable, with a significant number located in the U.S., Germany, France, Brazil and Singapore. Users are advised to upgrade to the latest patched versions or to apply mitigations such as disabling the Git node and limiting access for untrusted users.

The Ni8mare vulnerability (CVE-2026-21858) potentially exposes more than 100,000 servers and could enable attackers to access API credentials, OAuth tokens, database connections and cloud storage. It lies in the webhooks that start n8n workflows. The platform chooses how to parse incoming data based on the request's content-type header: for multipart/form-data it uses a dedicated file-upload parser (Formidable), which stores the uploaded files in temporary locations, and for every other content type it uses a regular parser. The file-upload path wraps Formidable's parse() function and populates req.body.files with Formidable's output. If a threat actor changes the content type to something like application/json, the n8n middleware calls the regular parser instead, req.body.files is not populated by the server, and the attacker ends up controlling the file metadata and file path. The vulnerability was reported on November 9 and fixed nine days later. 105,753 unpatched n8n instances were found exposed online, with 59,558 still exposed on Sunday; more than 28,000 IPs were in the United States and over 21,000 in Europe. n8n is widely used in AI development to automate data ingestion and build AI agents and RAG pipelines.
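The Ni8mare mechanism described above is a general bug class: a parser selected from a client-controlled Content-Type header, and downstream code that trusts a body field which only one of those parsers is supposed to populate. The following is an added example, not n8n's code or Formidable's: a schematic reconstruction of that pattern beside a hardened variant. The requests are constructed objects rather than captured traffic, the multipart parser is a stand-in that mimics Formidable's behaviour of choosing the temp path itself, and UPLOAD_DIR, readUpload and the field names are assumptions for illustration.

```javascript
// Added example (not n8n's code): a schematic reconstruction of the
// content-type-dependent webhook body parsing described above, with a
// hardened variant beside it. Requests are plain constructed objects; the
// multipart parser is a stand-in for Formidable.

const UPLOAD_DIR = "/tmp/uploads/"; // assumed temp directory for the stand-in parser

// Stand-in for the multipart/file-upload parser. Like Formidable, the server
// decides where each part is written; the client never supplies a path.
function multipartParse(req) {
  const files = {};
  for (const [field, part] of Object.entries(req.multipartParts || {})) {
    const safeName = part.filename.replace(/[^A-Za-z0-9._-]/g, "_");
    files[field] = {
      originalFilename: part.filename,
      mimetype: part.mimetype,
      filepath: `${UPLOAD_DIR}${field}_${safeName}`,
    };
  }
  return files;
}

// The "regular" parser used for everything that is not multipart.
function jsonParse(req) {
  return JSON.parse(req.rawBody || "{}");
}

// Stand-in for the workflow step that opens an uploaded file. Returns what
// would be opened instead of touching the filesystem.
function readUpload(file) {
  return { opened: file ? file.filepath : null };
}

function isMultipart(req) {
  return (req.headers["content-type"] || "").toLowerCase().startsWith("multipart/form-data");
}

// Vulnerable pattern: the parser is selected from the client-controlled
// Content-Type, and the consumer reads body.files no matter which parser ran.
// With application/json the client writes the "files" object itself,
// including the filepath the workflow will later open.
function vulnerableWebhook(req) {
  const body = isMultipart(req) ? { files: multipartParse(req) } : jsonParse(req);
  return readUpload(body.files && body.files.data);
}

// Hardened pattern: upload metadata comes only from the multipart parser and
// lives in a server-owned variable a JSON body cannot populate, and the path is
// confined to the upload directory before anything opens it.
function hardenedWebhook(req) {
  const uploads = isMultipart(req) ? multipartParse(req) : {};
  const file = uploads.data;
  if (file && (!file.filepath.startsWith(UPLOAD_DIR) || file.filepath.includes(".."))) {
    throw new Error("upload path escapes the upload directory");
  }
  return readUpload(file);
}

// Constructed requests (not captured traffic).
const MULTIPART_REQ = {
  headers: { "content-type": "multipart/form-data; boundary=----example" },
  multipartParts: { data: { filename: "report.csv", mimetype: "text/csv" } },
};
const SMUGGLED_JSON_REQ = {
  headers: { "content-type": "application/json" },
  rawBody: JSON.stringify({
    files: { data: { originalFilename: "x", mimetype: "text/plain", filepath: "/srv/app/secrets.json" } },
  }),
};

console.log("vulnerable/multipart:", vulnerableWebhook(MULTIPART_REQ).opened);
console.log("vulnerable/json     :", vulnerableWebhook(SMUGGLED_JSON_REQ).opened);
console.log("hardened/multipart  :", hardenedWebhook(MULTIPART_REQ).opened);
console.log("hardened/json       :", hardenedWebhook(SMUGGLED_JSON_REQ).opened);
```

The legitimate multipart request behaves identically under both handlers; only the JSON request with a client-supplied files object diverges, opening an arbitrary server path in the vulnerable handler and nothing in the hardened one. The general rule the hardened version follows is that any field a parser is supposed to populate must be stored somewhere the other parsers cannot write, rather than read back from the shared request body.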

Signature Verification Bypass in node-forge Library (CVE-2025-12816)

A high-severity vulnerability (CVE-2025-12816) in the popular node-forge JavaScript cryptography library allows attackers to bypass signature verification by crafting malformed ASN.1 data. The flaw affects versions 1.3.1 and earlier and could lead to authentication bypass, data tampering, and misuse of certificate functions. A patch (version 1.3.2) has been released to address the issue.