CVE-2026-43999 Overview
CVE-2026-43999 is a sandbox escape vulnerability in vm2, an open source virtual machine and sandbox library for Node.js. Versions prior to 3.11.0 contain an authorization flaw in the NodeVM builtin allowlist. When the module builtin is permitted, either explicitly or via the * wildcard, sandboxed code can invoke Module._load() directly in the host context. This bypasses all builtin restrictions and grants access to excluded modules such as child_process. The vulnerability is fixed in vm2 version 3.11.0.
Critical Impact
Attackers with the ability to execute code inside a vm2 sandbox can break out and achieve remote code execution on the host process when the module builtin is allowed.
Affected Products
- vm2 versions prior to 3.11.0
- Node.js applications using vm2 with module in the builtin allowlist
- Node.js applications using vm2 with the * wildcard for builtins
Discovery Timeline
- 2026-05-13 - CVE-2026-43999 published to NVD
- 2026-05-14 - Last updated in NVD database
Technical Details for CVE-2026-43999
Vulnerability Analysis
The vm2 library provides a sandboxed JavaScript execution environment for Node.js. The NodeVM class accepts a configuration that includes a builtin allowlist controlling which Node.js core modules sandboxed code can require. This vulnerability falls under [CWE-863] Incorrect Authorization, because the allowlist check is not enforced when the module builtin itself is accessible to the sandbox.
When sandboxed code obtains a reference to the module builtin, it gains access to Module._load(). This internal Node.js function loads any module by name and executes it directly in the host context. The host context sits outside vm2's interception layer, so excluded builtins such as child_process, fs, and net become reachable. An attacker can then spawn arbitrary processes or read arbitrary files on the host system.
Root Cause
The root cause is missing authorization enforcement on transitive module access. vm2 validates the top-level builtin requested by sandboxed code but does not restrict what that builtin can subsequently load. The module builtin exposes the unrestricted Node.js module loader, which negates the entire allowlist policy when included.
Attack Vector
Exploitation requires the attacker to control code executed inside a NodeVM instance where module is in the allowed builtins list or * is configured. The attacker calls require('module') to obtain the module loader, then invokes Module._load('child_process') or any other excluded module. The returned object operates with full host privileges. Refer to the GitHub Security Advisory GHSA-947f-4v7f-x2v8 for vendor details.
Detection Methods for CVE-2026-43999
Indicators of Compromise
- Unexpected child processes spawned by Node.js applications that embed vm2
- Outbound network connections originating from sandboxed Node.js workloads
- File system access to paths outside the expected vm2 working directory
- Process trees showing node parents launching shells, interpreters, or system utilities
Detection Strategies
- Inventory all Node.js applications using vm2 and identify versions below 3.11.0
- Audit vm2 NodeVM configurations for module in the builtin array or use of the * wildcard
- Monitor runtime behavior of Node.js processes hosting vm2 sandboxes for anomalous syscalls
- Inspect application logs for require('module') calls originating from sandboxed code
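The two configuration checks listed above (vm2 below 3.11.0, and module or * in the builtin allowlist) as an added audit helper; this is example code written for this page, not part of the advisory or the vm2 project. The function names, the FIXED_VERSION constant and the sample option objects are constructed for illustration, and the version string is expected to be the installed version (for example from node_modules/vm2/package.json), not a range.

```javascript
// Added example (not from the advisory or the vm2 project): flag NodeVM option
// objects whose builtin allowlist exposes the `module` builtin, directly or via
// the `*` wildcard, and vm2 versions below the fixed release 3.11.0.
// Function names and sample inputs are constructed for illustration.

const FIXED_VERSION = [3, 11, 0]; // first fixed vm2 release per the advisory

// Parse "3.9.19" (or "v3.9.19", "^3.9.19") into numeric [major, minor, patch].
// Caret/tilde prefixes are stripped, so pass the installed version, not a range.
function parseVersion(version) {
  const m = /^[\^~]?v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`unrecognised version: ${version}`);
  return m.slice(1, 4).map(Number);
}

// True when the given vm2 version is below 3.11.0.
function isVulnerableVersion(version) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED_VERSION[i]) return v[i] < FIXED_VERSION[i];
  }
  return false; // exactly 3.11.0
}

// Inspect NodeVM constructor options and return a list of findings.
// `require.builtin` is an array of builtin names that may contain '*'.
function auditNodeVmOptions(options) {
  const findings = [];
  const builtin = options && options.require && options.require.builtin;
  if (!Array.isArray(builtin)) return findings; // no builtins allowed at all
  if (builtin.includes('*')) {
    findings.push("wildcard '*' allows every builtin, including 'module'");
  }
  if (builtin.includes('module')) {
    findings.push("'module' builtin exposes Module._load() and bypasses the allowlist");
  }
  return findings;
}

// Constructed sample inputs: a risky allowlist beside a minimal one.
const riskyOptions = { require: { builtin: ['path', 'module'], external: false } };
const minimalOptions = { require: { builtin: ['path', 'url'], external: false } };

console.log('vm2 3.9.19 vulnerable:', isVulnerableVersion('3.9.19'));
console.log('risky findings:', auditNodeVmOptions(riskyOptions));
console.log('minimal findings:', auditNodeVmOptions(minimalOptions));
```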
Monitoring Recommendations
- Alert on any child_process.spawn or exec invocation traced back to vm2 sandbox contexts
- Track package manifests in CI/CD pipelines and flag continued use of vm2 below 3.11.0
- Correlate Node.js process behavior with Endpoint Detection and Response telemetry covering process lineage and network activity
How to Mitigate CVE-2026-43999
Immediate Actions Required
- Upgrade vm2 to version 3.11.0 or later across all Node.js applications
- Remove module from any NodeVM builtin allowlist configuration
- Replace * wildcard builtin configurations with an explicit minimal allowlist
- Review code repositories and dependency manifests for transitive vm2 usage
Patch Information
The vm2 maintainers fixed this vulnerability in version 3.11.0. The patch enforces the builtin allowlist on transitive module loads performed through the module builtin. See the vm2 GitHub Security Advisory GHSA-947f-4v7f-x2v8 for release notes and remediation guidance.
Workarounds
- If upgrading is not immediately possible, remove module from the builtin allowlist
- Avoid the * wildcard for builtins and define the minimum set required by the application
- Consider migrating to actively maintained sandboxing alternatives, as vm2 has known historical escape issues
# Configuration example: minimal NodeVM builtin allowlist
npm install vm2@^3.11.0

In application code, restrict builtins explicitly:

const { NodeVM } = require('vm2');
const vm = new NodeVM({
  require: {
    builtin: ['path', 'url'], // do NOT include 'module' or '*'
    external: false
  }
});
This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.