Sandbox Breakout Vulnerability in VM2 for Node.js
CVE-2026-47208
10CRITICAL
What is CVE-2026-47208?
VM2 is an open-source virtual machine and sandbox for Node.js, which allows for running untrusted code securely. However, prior to version 3.11.4, it was vulnerable to a sandbox breakout that could enable attackers to escape the isolated environment of VM2 and execute arbitrary commands on the host system. This significant flaw can compromise system integrity and security, highlighting the importance of updating to the patched version 3.11.4 where this vulnerability has been addressed.
Affected Version(s)
vm2 < 3.11.4
