CVE-2026-24120 Overview
CVE-2026-24120 is a sandbox escape vulnerability in vm2, an open source virtual machine and sandbox library for Node.js. The flaw exists in versions prior to 3.10.5 and stems from an incomplete fix for CVE-2023-37466. Attackers can craft JavaScript that bypasses the sandbox boundary and executes arbitrary commands on the host system. The issue is tracked under CWE-94: Improper Control of Generation of Code. The maintainers patched the vulnerability in vm2 version 3.10.5.
Critical Impact
Unauthenticated attackers who control code executed inside vm2 can escape the sandbox and run arbitrary OS commands, leading to full compromise of the host process.
Affected Products
- vm2 versions prior to 3.10.5
- Node.js applications embedding vm2 to evaluate untrusted JavaScript
- Downstream packages and services that depend on vulnerable vm2 releases
Discovery Timeline
- 2026-05-04 - CVE-2026-24120 published to NVD
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2026-24120
Vulnerability Analysis
vm2 provides a JavaScript sandbox that intercepts access to host objects through proxy handlers and prototype filtering. CVE-2023-37466 documented a path that allowed sandboxed code to reach the underlying Node.js context. The patch shipped for that earlier issue did not fully constrain every interception path. CVE-2026-24120 demonstrates that the residual gap remains reachable from inside the sandbox.
An attacker who can submit JavaScript to a vulnerable vm2 instance can break out of the isolated context and obtain a reference to host primitives. From that reference, the attacker can require arbitrary modules, including child_process, and execute commands with the privileges of the Node.js process. The vulnerability does not require authentication or user interaction in the typical deployment, where untrusted code is executed by design.
Root Cause
The root cause is incomplete sanitization of the prototype chain and host object proxies used by vm2 to enforce the sandbox boundary. Specific bypass details are described in GitHub Security Advisory GHSA-qvjj-29qf-hp7p and the vm2 v3.10.5 release notes.
Attack Vector
Exploitation occurs over the network when a service evaluates attacker-controlled JavaScript using vm2. Common exposure points include online code playgrounds, serverless function platforms, no-code automation engines, and bot frameworks that run user-supplied scripts. After escaping the sandbox, the attacker invokes Node.js APIs to spawn processes, read filesystem contents, or pivot into adjacent infrastructure.
No verified proof-of-concept code is published in the NVD entry. Refer to the upstream security advisory for technical details on the bypass technique.
Detection Methods for CVE-2026-24120
Indicators of Compromise
- Unexpected child_process.spawn or exec calls originating from Node.js processes that host a vm2 sandbox
- Outbound network connections from Node.js workers that should only execute isolated user scripts
- New files written under application working directories or /tmp by sandbox worker processes
- Crash logs or stack traces referencing internal vm2 proxy handlers shortly before suspicious activity
Detection Strategies
- Inventory dependencies with npm ls vm2 and Software Composition Analysis tooling to flag versions below 3.10.5.
- Alert on Node.js processes spawning shells (/bin/sh, cmd.exe, powershell.exe) when the parent application is documented as a sandbox host.
- Hunt in EDR telemetry for parent-child process chains where a Node.js runtime executes interpreters such as bash, python, or curl.
- Review application logs for syntax patterns associated with prototype pollution and proxy abuse submitted to script evaluation endpoints.
Monitoring Recommendations
- Continuously monitor outbound DNS and HTTP traffic from servers running script evaluation services for anomalous destinations.
- Track filesystem writes and credential file reads (/etc/passwd, cloud metadata endpoints) by Node.js worker processes.
- Forward Node.js, container, and host telemetry to a centralized analytics platform for correlation across the kill chain.
How to Mitigate CVE-2026-24120
Immediate Actions Required
- Upgrade vm2 to version 3.10.5 or later in all affected applications and rebuild deployment artifacts.
- Audit every code path that passes user-controlled input to vm2.run, NodeVM, or related APIs.
- Rotate secrets accessible to the Node.js process if exploitation cannot be ruled out from logs.
- Consider migrating to actively maintained alternatives such as isolated-vm for executing untrusted JavaScript.
Patch Information
The upstream fix is available in the vm2 v3.10.5 release. Update via npm install [email protected] or pin a later release in package.json and package-lock.json. Coordinate redeployment of any container images, serverless functions, or bundled binaries that include the vulnerable dependency.
Workarounds
- Run Node.js services that embed vm2 inside hardened containers with seccomp, AppArmor, or SELinux profiles that block process execution.
- Apply strict egress network policies to sandbox hosts so escaped code cannot reach external command-and-control infrastructure.
- Disable or gate any user-facing endpoints that pass arbitrary scripts to vm2 until the patched version is deployed.
# Configuration example
npm install [email protected] --save-exact
npm ls vm2
npm audit --production
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
