A severe sandbox escape vulnerability, CVE-2026-22709, has been identified in the widely used vm2 Node.js library. This critical flaw, with a CVSS score of 9.8 out of 10, could allow malicious actors to execute arbitrary code on the underlying operating system, bypassing the intended security of the sandboxed environment.
The vulnerability was disclosed by vm2 maintainer Patrik Simek, who explained that the issue lies within the sanitization of Promise handlers. Specifically, Promise.prototype.then and Promise.prototype.catch callbacks in version 3.10.0 could be bypassed, enabling unauthorized code execution outside of vm2’s secure boundaries. Researchers from Endor Labs, Peyton Kennedy and Cris Staicu, further elaborated that async functions returning `globalPromise` objects, which were not as rigorously sanitized as `localPromise` objects, created this escape vector.
vm2 Sandbox Escape Vulnerability and Its Implications
The vm2 library is designed to provide a secure environment for running untrusted JavaScript code by intercepting and proxying objects to prevent access to the host system. However, the discovery of CVE-2026-22709 highlights a persistent challenge in maintaining robust security within such libraries. This latest vulnerability is part of a concerning trend, following several other sandbox escape flaws documented in recent years, including CVE-2022-36067, CVE-2023-29017, CVE-2023-29199, and others.
The identification of CVE-2023-37903 in July 2023 had previously led to an announcement from vm2’s maintainer indicating the project’s discontinuation. However, the project’s status appears to have evolved, with references to discontinuation removed from the GitHub repository’s README and the security page updated in October 2025 to state that vm2 3.x versions are now actively maintained.
Mitigation and Alternative Solutions for Sandbox Escapes
Despite the ongoing maintenance, vm2’s maintainer has cautioned that new sandbox escape bypasses may continue to emerge. Users are strongly advised to keep the vm2 library updated to the latest version, currently 3.10.3, which includes fixes for CVE-2026-22709 and additional sandbox escape vulnerabilities. The maintainer also recommends considering more robust alternatives for stronger security guarantees.
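The upgrade advice above is only useful if you can find every vm2 copy in a dependency tree, including transitive ones pinned by other packages. The following script, an added example that is not code from the vm2 project or the article, walks a lockfile v2/v3 `package-lock.json` "packages" map and flags any vm2 entry below the 3.10.3 release named here; the lockfile content is constructed for the demo.

```javascript
// Added example: scan a package-lock.json (lockfileVersion 2/3 "packages" map) for
// vm2 installs older than the fixed release 3.10.3 named in the advisory.
// The lockfile object below is constructed for this demo, not taken from a real project.

const FIXED_VM2_VERSION = '3.10.3'; // first release carrying the CVE-2026-22709 fix, per the article

// Parse "major.minor.patch" (pre-release/build suffixes are ignored for this check).
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Negative if a < b, 0 if equal, positive if a > b.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Every key in "packages" is a filesystem path; vm2 installs (direct or nested under
// another package) all end in "node_modules/vm2". Return those below the fixed version.
function findVulnerableVm2(lockfile) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!path.endsWith('node_modules/vm2')) continue;
    if (compareSemver(meta.version, FIXED_VM2_VERSION) < 0) {
      findings.push({ path, version: meta.version, fixed: FIXED_VM2_VERSION });
    }
  }
  return findings;
}

// Constructed sample: a patched direct install plus an outdated transitive copy
// pulled in by a hypothetical plugin package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.10.3' },
    'node_modules/some-plugin': { version: '2.1.0', dependencies: { vm2: '3.10.0' } },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.10.0' },
  },
};

for (const f of findVulnerableVm2(sampleLock)) {
  console.log(`${f.path}: vm2 ${f.version} is below ${f.fixed} (CVE-2026-22709); upgrade`);
}
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a nested hit means the parent package pins its own vm2 and needs an override or upstream fix, not just a top-level bump.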
One such alternative mentioned is `isolated-vm`, which utilizes V8’s native Isolate interface, reportedly offering a more stable security foundation. Semgrep’s analysis suggests that while `isolated-vm` provides a stronger base, the vm2 maintainers still emphasize the importance of isolation and recommend employing additional layers of separation, such as using Docker with logical divisions between components.
The ongoing discovery of critical vulnerabilities in vm2 underscores the complexities of securing sandboxed environments. For developers and organizations relying on vm2 or similar libraries, a proactive approach to security, including regular updates, thorough risk assessments, and the evaluation of alternative solutions, is crucial. The future of vm2’s maintenance and the potential discovery of further vulnerabilities will be important factors for users to monitor as they manage their software dependencies.