/Signal

On May 5, 2026, GitHub Security Lab disclosed four critical CVEs in the VM2 sandbox library (CVE-2026-26956, CVE-2026-26332, CVE-2026-24781, CVE-2026-24120) that allow sandbox escape and arbitrary code execution on Node.js 24 and 25 systems.

/Framework

The Attack Surface Analysis framework reveals VM2's flawed assumption that host and guest JavaScript execution contexts can be reliably isolated via JavaScript-level mechanisms alone.

/Analysis

VM2's security architecture depends on JavaScript-level sandboxing primitives such as Proxy, which attackers bypass through WASM exception handling (CVE-2026-26956), SuppressedError abuse (CVE-2026-26332), inspect function exploitation (CVE-2026-24781), and Promise species manipulation (CVE-2026-24120). These vectors demonstrate that JavaScript-level isolation alone cannot defend against determined attackers who control the guest code.

/Counterpoint

Some argue VM2 remains secure for constrained use cases where attackers cannot provide arbitrary payloads or where host systems disable WASM. However, WASM is now table stakes for many Node.js workloads, and defending against guest code requires assuming attacker control.

/Sources

/Key Takeaways

  1. Patch VM2 immediately if using Node.js 24 or 25.
  2. Assume any JavaScript sandbox is breakable if attackers control guest code.
  3. Isolate Node.js processes at the OS level, not just at the JavaScript level.
  4. Disable WASM if VM2 sandboxing is your primary defense.
  5. Audit any Node.js application accepting untrusted scripts for sandbox escapes.
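
A starting point for takeaways 1 and 5, as an added example that is not from the advisory or from the VM2 project: it inventories every installed copy of vm2 in a parsed `package-lock.json`, including transitive ones, and flags the Node.js majors named above. The function names, the sample lockfile, its package names and its placeholder versions are constructed for illustration.

```javascript
'use strict';

// Node.js majors named in the advisory summary on this page.
const AFFECTED_NODE_MAJORS = new Set([24, 25]);

// Return every installed copy of `name` found in a parsed package-lock.json.
// lockfileVersion 2/3 keeps a flat "packages" map keyed by install path;
// lockfileVersion 1 only has nested "dependencies" objects.
function findPackage(lock, name) {
  const hits = [];
  if (lock.packages) {
    const suffix = 'node_modules/' + name;
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Match the top-level copy and nested copies, but not names that merely end in `name`.
      if (path === suffix || path.endsWith('/' + suffix)) {
        hits.push({ path, version: meta.version || 'unknown', dev: Boolean(meta.dev) });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) {
        hits.push({ path: here.join(' > '), version: meta.version || 'unknown', dev: Boolean(meta.dev) });
      }
      walk(meta.dependencies, here); // nested installs live under "dependencies"
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Combine the inventory with the runtime version the application is deployed on.
function auditVm2(lock, nodeVersion) {
  const nodeMajor = Number.parseInt(String(nodeVersion).replace(/^v/, ''), 10);
  const copies = findPackage(lock, 'vm2');
  const affectedRuntime = AFFECTED_NODE_MAJORS.has(nodeMajor);
  return { nodeMajor, copies, affectedRuntime, urgent: copies.length > 0 && affectedRuntime };
}

// Constructed sample lockfile: vm2 arrives only as a transitive dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/example-plugin-host': { version: '0.0.0-sample' },
    'node_modules/example-plugin-host/node_modules/vm2': { version: '0.0.0-sample' },
    'node_modules/notvm2': { version: '0.0.0-sample' },
  },
};

console.log(JSON.stringify(auditVm2(SAMPLE_LOCK, process.version), null, 2));
```

A non-empty `copies` list identifies code paths to review under takeaways 2 and 3 even when `urgent` is false, since the inventory says nothing about whether guest code is attacker-controlled.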