- Description
- vm2 is an open-source VM/sandbox for Node.js. Versions prior to 3.11.4 have a sandbox breakout vulnerability that allows attackers to write code which escapes the vm2 sandbox and executes arbitrary commands on the host system. This issue has been patched in version 3.11.4.
- Source
- security-advisories@github.com
- NVD status
- Deferred
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-913
- Hype score
- Not currently trending
CVE-2026-47208 - CRITICAL sandbox breakout in Vm2 Node.js. CVSS 10.0. Allows arbitrary code execution on host. Update to v3.11.4 immediately. #CVE #NodeJS #infosec #CVEAlert #CyberSecurity FREE IT Expert portal with Yara and Sigma rules, POC: https://t.co/21Gj62DuEF
@HugoValters
13 Jun 2026
🚨 CRITICAL: CVE-2026-47208 | CVSS 10.0 vm2 Node.js sandbox breakout allows arbitrary command execution on host systems. All versions <3.11.4 affected. Patch immediately to v3.11.4+ #CVE #PatchNow https://t.co/vJ3q3kEODj
@DFIR_Lab
13 Jun 2026