CVE-2026-24118 Overview
CVE-2026-24118 is a sandbox escape vulnerability in vm2, an open source virtual machine and sandbox library for Node.js. Versions prior to 3.11.0 allow attackers to break out of the isolated execution environment and run arbitrary commands on the host system. The flaw is classified as code injection [CWE-94] and stems from incomplete isolation between sandboxed scripts and the host Node.js runtime. Maintainers patched the issue in vm2 version 3.11.0. Applications that evaluate untrusted JavaScript inside vm2 — including serverless platforms, online code editors, and automation tools — are directly exposed.
Critical Impact
Attackers can escape the vm2 sandbox over the network with no authentication and no user interaction, achieving full code execution on the host.
Affected Products
- vm2 versions prior to 3.11.0
- Node.js applications embedding vulnerable vm2 releases
- Downstream services that evaluate untrusted JavaScript through vm2
Discovery Timeline
- 2026-05-04 - CVE-2026-24118 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-24118
Vulnerability Analysis
The vm2 library wraps Node.js's built-in vm module to provide a hardened sandbox for running untrusted JavaScript. It rewrites code, proxies host objects, and intercepts prototype access to prevent guest code from reaching the underlying runtime. CVE-2026-24118 defeats this isolation. Attacker-controlled scripts can pivot from the sandbox into the host context and execute arbitrary commands with the privileges of the Node.js process.
Because vm2 is commonly placed at the trust boundary between user input and server-side execution, a successful escape gives the attacker the same capabilities as the application itself. That includes reading secrets from environment variables, calling child_process APIs, and pivoting to internal services.
Root Cause
The root cause is improper control of code generation during sandboxed evaluation [CWE-94]. The sandbox's proxy and prototype filtering logic fails to fully constrain object reachability, allowing crafted scripts to obtain a reference to a host object whose methods execute outside the isolated context. The fix in version 3.11.0 tightens these checks. Refer to GitHub Security Advisory GHSA-grj5-jjm8-h35p for the maintainer's analysis.
Attack Vector
Exploitation requires only the ability to submit JavaScript to a service that evaluates it through a vulnerable vm2 instance. No credentials and no user interaction are needed. The attack is network-reachable wherever the host application accepts untrusted code, such as a REST endpoint, message queue worker, or webhook handler. Once the sandbox is broken, the attacker runs commands as the Node.js process owner. Technical details are available in the GitHub Commit Fix and GitHub Release v3.11.0.
Detection Methods for CVE-2026-24118
Indicators of Compromise
- Node.js processes hosting vm2 spawning unexpected child processes such as sh, bash, cmd.exe, or powershell.exe.
- Outbound network connections from the application service account to unfamiliar destinations shortly after sandboxed code execution.
- New files written outside the application's working directory by the Node.js runtime.
- Reads of /etc/passwd, ~/.aws/credentials, or environment dumps initiated by the sandbox host process.
Detection Strategies
- Inventory all production dependencies and flag any vm2 version below 3.11.0 using npm ls vm2 or software composition analysis tooling.
- Hunt for process, require, child_process, or Function references in user-submitted scripts that reach the vm2 evaluator.
- Correlate sandboxed evaluation events with subsequent process creation, file writes, and outbound DNS to detect escape behavior.
Monitoring Recommendations
- Enable process lineage logging on hosts running Node.js services and alert when vm2-bearing processes spawn shells or interpreters.
- Forward application, host, and network telemetry into a centralized analytics pipeline for cross-source correlation.
- Track exploit availability against this CVE in threat intelligence feeds and re-prioritize patching if proof-of-concept code emerges.
How to Mitigate CVE-2026-24118
Immediate Actions Required
- Upgrade vm2 to version 3.11.0 or later in every Node.js project, including transitive dependencies.
- Audit application logs for evaluations of attacker-controlled JavaScript and treat affected systems as potentially compromised until reviewed.
- Restrict the privileges of the Node.js process so that a successful escape does not yield root or administrator access.
Patch Information
The maintainers fixed CVE-2026-24118 in vm23.11.0. The relevant changes are documented in the GitHub Commit Update and GitHub Commit Fix. Update with npm install vm2@^3.11.0 and rebuild any container images or serverless bundles that pin older versions.
Workarounds
- If patching is not immediately possible, stop accepting untrusted JavaScript through vm2 until the upgrade is deployed.
- Migrate to a process-isolated execution model such as a hardened container, gVisor, or a separate Node.js worker with seccomp restrictions.
- Apply strict input filtering to reject scripts that reference constructor, __proto__, process, or require before evaluation.
# Configuration example
npm install vm2@^3.11.0
npm ls vm2
npm audit --production
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
