CVE-2026-47135 - vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks

CVSS 8.7 · High · EPSS 0.44% · P35

Affected Version Matrix 1

Vendor | Product | Version Range | Status
patriksimek | vm2 | < 3.11.4 | affected

I. Basic Information for CVE-2026-47135

Vulnerability Information

Vulnerability Title
vm2: Sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks
Source: NVD (National Vulnerability Database)
Vulnerability Description
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox code can obtain real cross-realm symbols, write them to host objects, and control host-side behavior — verified with a full util.promisify hijack chain. This issue has been patched in version 3.11.4.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Protection mechanism failure
Source: NVD (National Vulnerability Database)
Vulnerability Title
Patrik Simek vm2 processing logic error vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
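patriksimek vm2 is a sandbox from patriksimek. Patrik Simek vm2 versions prior to 3.11.4 contain a processing logic error vulnerability. The vulnerability stems from the Symbol.for override in setup-sandbox.js intercepting only 2 of the 9 dangerous Node.js cross-realm symbols, and from the bridge's set/defineProperty/deleteProperty traps lacking an isDangerousCrossRealmSymbol key check, which allows sandbox code to obtain real cross-realm symbols, write them to host objects, and control host-side behavior.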
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
patriksimek | vm2 | < 3.11.4 | -

II. Public POCs for CVE-2026-47135

III. Intelligence Information for CVE-2026-47135

Vendor Advisories for CVE-2026-47135 (1)

Vendor Pages for CVE-2026-47135 (1)

Same Patch Batch · patriksimek · 2026-06-12 · 9 CVEs total

CVE-2026-47140 · 10.0 CRITICAL · vm2: NodeVM builtin denylist bypass via process and inspector/promises allows host code ex
CVE-2026-47208 · 10.0 CRITICAL · vm2: Sandbox Breakout Using Promise Species
CVE-2026-47137 · 10.0 CRITICAL · vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows
CVE-2026-47131 · 10.0 CRITICAL · vm2: Sandbox Escape
CVE-2026-47210 · 9.8 CRITICAL · vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass
CVE-2026-47139 · 8.6 HIGH · vm2: NodeVM network builtin exclusions bypass via internal _http_client and _http_server
CVE-2026-47209 · 8.6 HIGH · vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injec
CVE-2026-47141 · vm2: NodeVM observability builtins leak host process and HTTP request data
