CVE-2026-22709
Published: 26 January 2026
Summary
CVE-2026-22709 is a critical-severity Code Injection (CWE-94) vulnerability in Vm2 Project Vm2. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Command and Scripting Interpreter: JavaScript (T1059.007). The CVE sits at the 14.2nd percentile for exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): Timely flaw remediation addresses this CVE directly by requiring organizations to patch vm2 to version 3.10.2 or later, which fixes the unsanitized globalPromise.prototype.then callback path that enables the sandbox escape.
SA-22 (Unsupported System Components): Prohibits the use of unsupported system components; applied here, it bars deployment of vm2 versions prior to 3.10.2, which are susceptible to the Promise callback sanitization bypass and the resulting arbitrary code execution.
SC-18 (Mobile Code): Mandates security safeguards for mobile code technologies, such as vm2 sandboxes that execute untrusted JavaScript, reducing the exposure of hosts to exploitation paths like the unsanitized globalPromise callbacks that lead to sandbox escape.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Sandbox escape in vm2 directly enables arbitrary JavaScript execution (T1059.007) on the host and exploitation for privilege escalation (T1068) by bypassing isolation.
NVD Description
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbox.js, the callback function of `localPromise.prototype.then` is sanitized, but `globalPromise.prototype.then` is not sanitized. The return value of async functions is a `globalPromise` object. Version 3.10.2 fixes the issue.
Deeper analysis
CVE-2026-22709 is a critical vulnerability in vm2, an open-source virtual machine and sandbox library for Node.js, affecting versions prior to 3.10.2. The flaw enables a bypass of sanitization for Promise.prototype.then and Promise.prototype.catch callbacks, allowing sandbox escape and arbitrary code execution. Specifically, in lib/setup-sandbox.js, callbacks for localPromise.prototype.then are sanitized, but those for globalPromise.prototype.then are not; async functions return globalPromise objects, creating the bypass vector. It is associated with CWE-94 (code injection), CWE-693 (protection mechanism failure), and CWE-913 (improper control of dynamically-managed code resources), with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The CVSS vector rates the flaw as exploitable over the network with low complexity and no privileges or user interaction. In practice the precondition is the ability to supply or influence JavaScript that a vm2 sandbox executes, for example untrusted user-submitted scripts, plugins or templates that a Node.js application isolates with vm2. Any adversary in that position can trigger the bypass, escape the sandbox, and execute arbitrary code in the host Node.js process with that process's privileges, potentially leading to full system compromise. Applications that only run trusted, first-party code in vm2 are exposed only to the extent that an attacker can already inject into that code.
The vulnerability is addressed in vm2 version 3.10.2. Administrators and developers should upgrade to this version or later to mitigate the issue. Relevant resources include the GitHub security advisory at https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8, release notes at https://github.com/patriksimek/vm2/releases/tag/v3.10.2, and the fixing commit at https://github.com/patriksimek/vm2/commit/4b009c2d4b1131c01810c1205e641d614c322a29.
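Because vm2 is often pulled in transitively (a plugin or template engine depends on it), the SI-2 and SA-22 checks above amount to finding every installed copy and comparing it against the fixed release. The following is an added example of such an inventory check, not code from the vm2 project or from the advisory: it walks the "packages" map of an npm lockfileVersion 2/3 package-lock.json and flags every vm2 install path older than 3.10.2. The lock-file contents are constructed for illustration; lockfileVersion 1 files (the older "dependencies" tree) are not handled.

```javascript
// Added example: flag vm2 installs older than the fixed release (3.10.2)
// in an npm lockfileVersion 2/3 package-lock.json, including nested copies.
// Not vm2 project code; SAMPLE_LOCK below is a constructed lock file.

const FIXED_VERSION = '3.10.2';

// Compare dotted numeric versions; returns -1, 0 or 1.
// A pre-release tag (e.g. "3.10.2-0") sorts before the release it precedes.
function compareVersions(a, b) {
  const [aCore, aPre] = a.split('-');
  const [bCore, bPre] = b.split('-');
  const pa = aCore.split('.').map(Number);
  const pb = bCore.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  if (aPre && !bPre) return -1;
  if (!aPre && bPre) return 1;
  return 0;
}

// Walk every installed package in the lock file and return the install
// paths whose package is vm2 at a version below FIXED_VERSION.
function findVulnerableVm2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages ?? {})) {
    if (path === '') continue; // the root project entry, not a dependency
    // npm only records "name" when it differs from the path; otherwise the
    // package name is the last node_modules segment of the path, e.g.
    // "node_modules/some-plugin/node_modules/vm2" -> "vm2".
    const name = meta.name ?? path.split('node_modules/').pop();
    if (name !== 'vm2' || typeof meta.version !== 'string') continue;
    if (compareVersions(meta.version, FIXED_VERSION) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed lock file: a direct vm2 dependency, one nested copy already
// on the fixed release, and one nested copy still on a vulnerable release.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.9.19' },
    'node_modules/some-plugin': { version: '2.0.0' },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.10.2' },
    'node_modules/other-plugin': { version: '1.4.0' },
    'node_modules/other-plugin/node_modules/vm2': { version: '3.10.1' },
  },
};

for (const hit of findVulnerableVm2(SAMPLE_LOCK)) {
  console.log(`CVE-2026-22709: ${hit.path} has vm2@${hit.version}; upgrade to >= ${FIXED_VERSION}`);
}
```

Run against a real lock file by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. The nested-copy case matters: `npm audit fix` or a top-level `npm install vm2@latest` updates the direct dependency but can leave an older vm2 pinned beneath a plugin, which is exactly the copy the sandboxing code is likely to load.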
Details
- CWE(s)