CVE Reports

Originally published at cvereports.com

CVE-2026-22709: The Call Is Coming From Inside The House: Breaking vm2 with Method Hijacking


Vulnerability ID: CVE-2026-22709
CVSS Score: 10.0
Published: 2026-01-26

A critical sandbox escape in the vm2 library allows attackers to break out of the isolated environment by hijacking Function.prototype.call. This enables Remote Code Execution (RCE) on the host machine.

TL;DR

If you are running untrusted code using vm2 versions <= 3.10.1, you are owned. Attackers can overwrite Function.prototype.call inside the sandbox. When the host tries to sanitize a Promise by invoking its `then` through `.call`, it resolves that method through the shared prototype and runs the attacker's replacement with host privileges, leading to a complete sandbox escape.
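To make the mechanism concrete, the following is an added illustration (not vm2's own code, and not an exploit against it): a "host" helper that reaches a method through `.call` versus one that uses an `apply` reference captured before any untrusted code runs. The untrusted part only replaces `Function.prototype.call` with a wrapper that records that it was reached from the host's code path; `vulnerableInvoke`, `hardenedInvoke`, `hostWork` and `runScenario` are all names invented for this example.

```javascript
// Added example (not from the advisory or from vm2): why a method invoked
// through Function.prototype.call is hijackable when untrusted code can write
// to that prototype, and why a reference captured up front is not.

// Capture a trusted invoker BEFORE any untrusted code can touch prototypes.
const trustedApply = Reflect.apply;

// Simulated host helper written the vulnerable way: every invocation goes
// through Function.prototype.call, a property the host does not own.
function vulnerableInvoke(fn, thisArg, args) {
  return fn.call(thisArg, ...args);
}

// Hardened helper: uses the captured reference, so a later assignment to
// Function.prototype.call has no effect on what actually runs here.
function hardenedInvoke(fn, thisArg, args) {
  return trustedApply(fn, thisArg, args);
}

// A host-side function the helper is meant to invoke.
function hostWork(x) {
  return x * 2;
}

// runScenario plays the untrusted side: it replaces Function.prototype.call,
// lets the chosen helper run, restores the prototype, and reports whether the
// replacement was reached from the helper's code path.
function runScenario(invoke) {
  const originalCall = Function.prototype.call;
  let hijacked = false;

  // Untrusted code: swap the shared prototype method for a wrapper. In a real
  // sandbox this wrapper would run with the host's privileges; here it only
  // flips a flag and then forwards the call unchanged.
  Function.prototype.call = function (thisArg, ...args) {
    hijacked = true;
    return Reflect.apply(this, thisArg, args);
  };

  try {
    const result = invoke(hostWork, null, [21]);
    return { result, hijacked };
  } finally {
    Function.prototype.call = originalCall;
  }
}

// Both helpers compute the same value; only one of them let untrusted code
// into the call path.
console.log('vulnerable:', runScenario(vulnerableInvoke)); // hijacked: true
console.log('hardened:  ', runScenario(hardenedInvoke));   // hijacked: false
```

The point for reviewers of any sandbox bridge is the same as in the vm2 patch: a host-side wrapper must never reach a method through a prototype the guest can write to; capture `Reflect.apply` (or the original `call`/`apply`) at module load and use that reference exclusively.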

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-250 (Execution with Unnecessary Privileges)
  • Attack Vector: Network
  • CVSS: 10.0 (Critical)
  • Impact: Remote Code Execution (RCE)
  • Exploit Status: PoC Available
  • Patch Date: 2026-01-17

Affected Systems

  • Node.js applications using vm2 <= 3.10.1
  • Serverless function implementations relying on vm2
  • Rule engines executing user-defined JavaScript
  • vm2: <= 3.10.1 (Fixed in: 3.10.2)

Code Analysis

Commit: 4b009c2

Fix sandbox escape via Function.prototype.call hijacking

- return globalPromiseThen.call(this, onFulfilled, onRejected);
+ return apply(globalPromiseThen, this, [onFulfilled, onRejected]);
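Review bot: The hunk removes the `.call` lookup but does not show where `apply` is bound; it needs to be a reference captured (for example from `Reflect.apply` or `Function.prototype.apply`) before any sandboxed code runs, otherwise a guest can redefine it exactly the way it redefined `Function.prototype.call`. The same pattern is exploitable anywhere a host wrapper reaches a method through the shared prototype chain, so the remaining `globalX.call(` and `.apply(` invocations in the bridge should be audited and converted the same way in this change rather than one at a time.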

Exploit Details

  • GitHub: PoC demonstrating the interception of internal calls via prototype pollution.

Mitigation Strategies

  • Update vm2 to version 3.10.2 or later immediately.
  • Migrate to 'isolated-vm' for stronger isolation based on V8 Isolates.
  • Use OS-level isolation (Docker, gVisor, Firecracker) instead of application-level sandboxes.

Remediation Steps:

  1. Check your package.json for 'vm2' dependency.
  2. Run 'npm install vm2@3.10.2' or 'yarn upgrade vm2'.
  3. Audit the code paths that execute untrusted input, and their logs, for signs of successful exploitation attempts.
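Step 1 is easy to get wrong when vm2 arrives as a transitive dependency (a rule engine or serverless helper may carry its own nested copy). The following added script, which is not part of the advisory, walks a `package-lock.json` (lockfile v2/v3 layout with a top-level `packages` map) and reports every copy of vm2 below 3.10.2; `scanLockfile`, `isAffected` and the sample lock are constructed for this example.

```javascript
// Added example (not from the advisory): find every installed copy of vm2 in
// an npm lockfile, including nested copies, and flag versions below the fix.
// Assumes the package-lock.json v2/v3 layout: a "packages" map keyed by path.

const AFFECTED_PACKAGE = 'vm2';
const FIXED_VERSION = '3.10.2'; // from the advisory

// Parse "MAJOR.MINOR.PATCH" (pre-release/build suffixes are ignored) into
// three integers; throws on anything that does not match.
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) throw new Error(`unparseable version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison of two versions: -1, 0 or 1.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True for any version strictly below the fixed release (i.e. <= 3.10.1).
function isAffected(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Walk the "packages" map and return every entry whose package name matches,
// wherever it sits in the tree. The name is taken from the entry when present,
// otherwise from the last "node_modules/" segment of the path (vm2 is not a
// scoped package, so this is sufficient here).
function scanLockfile(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === '') continue; // root project entry
    const name = entry.name || path.split('node_modules/').pop();
    if (name !== AFFECTED_PACKAGE || !entry.version) continue;
    findings.push({ path, version: entry.version, affected: isAffected(entry.version) });
  }
  return findings;
}

// Constructed sample lockfile: a direct copy already on the fixed version and a
// nested, still-vulnerable copy pulled in by a hypothetical dependency.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.10.2' },
    'node_modules/some-rule-engine': { version: '2.3.0', dependencies: { vm2: '^3.9.0' } },
    'node_modules/some-rule-engine/node_modules/vm2': { version: '3.9.19' },
  },
};

// Usage: node scan-vm2.js [path/to/package-lock.json]; with no argument the
// constructed sample above is scanned.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_LOCK;
  for (const f of scanLockfile(lock)) {
    console.log(`${f.affected ? 'AFFECTED' : 'ok      '} ${f.path} ${f.version}`);
  }
}
```

A nested copy flagged as AFFECTED is not fixed by `npm install vm2@3.10.2` at the top level; the dependency that pins it has to be upgraded or the nested version overridden (npm `overrides` / yarn `resolutions`), and the lockfile rescanned afterwards.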

References

Read the full report for CVE-2026-22709 on our website for more details including interactive diagrams and full exploit analysis.
