
Critical Sandbox Breakout in vm2 via Promise Species (CVE-2026-47208)

FixVibe GitHub repo scans can now report npm manifest and lockfile evidence for vm2 versions associated with CVE-2026-47208 / GHSA-76w7-j9cq-rx2j.

CVE-2026-47208 · GHSA-76w7-j9cq-rx2j · CWE-913

Impact

vm2 is a Node.js sandbox library used to evaluate JavaScript in an isolated context. CVE-2026-47208 / GHSA-76w7-j9cq-rx2j affects vm2 versions up to and including 3.11.3 and can let code already running inside the sandbox escape that boundary with the privileges of the host Node.js process [S1][S2].

Affected dependency evidence

The reviewed GitHub Advisory lists npm package vm2, affected versions <=3.11.3, and patched version 3.11.4 [S1]. NVD tracks the same CVE and CWE-913 classification [S2].

Covered by FixVibe

FixVibe covers this issue in GitHub repository scans with the discovery.npm.vm2-cve-2026-47208 check. The scanner reviews authorized repository dependency files such as package.json, package-lock.json, npm-shrinkwrap.json, yarn.lock, and pnpm-lock.yaml for vm2 versions associated with the advisory.

Findings are reported as version-based advisory evidence. FixVibe does not run the application, execute sandbox-breakout proof-of-concept code, inspect deployed routes or job workers, verify that untrusted code reaches vm2, confirm VM or NodeVM runtime configuration, or claim host command execution from dependency evidence alone.
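Added example of the kind of version-based lockfile evidence described above; this is not FixVibe's scanner code, and the lockfile contents and the legacy-plugin package name are constructed for the illustration:

```javascript
// Added example, not FixVibe's scanner: flag vm2 installs in a package-lock.json
// (lockfileVersion 2 or 3) whose version is below the patched 3.11.4 release
// named in the advisory above. The lockfile content below is constructed.
const PATCHED = [3, 11, 4];

// Parse "x.y.z" (prerelease/build suffixes ignored); null if unparseable,
// which callers treat as "needs manual review" rather than "safe".
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true for <=3.11.3, false for 3.11.4+, null when the version is unparseable.
function isAffected(version) {
  const parsed = parseVersion(version);
  return parsed === null ? null : compareVersions(parsed, PATCHED) < 0;
}

// Every vm2 install path in the lockfile with its version and status. Nested
// copies (node_modules/a/node_modules/vm2) count: a patched hoisted copy does
// not mean a dependency's own pinned copy is patched.
function findVm2(lock) {
  const hits = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/vm2') && pkg.version) {
      hits.push({ path, version: pkg.version, affected: isAffected(pkg.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile: hoisted patched copy plus a nested affected one.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.11.4' },
    'node_modules/legacy-plugin/node_modules/vm2': { version: '3.9.19' },
  },
};

console.log(findVm2(SAMPLE_LOCK));
```

As with the FixVibe check, a hit here is dependency evidence only; it says nothing about whether untrusted code actually reaches vm2 at runtime.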

Fix

Upgrade vm2 to 3.11.4 or a later supported release [S1]. Regenerate the active lockfile, rebuild the deployed Node.js runtime, and verify the active dependency graph no longer resolves an affected version. If vm2 protects tenant scripts, plugins, workflow expressions, AI/tool-generated code, or other untrusted JavaScript, review logs and queued inputs handled before the upgrade and consider rotating credentials available to the Node.js process.
