Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-43999 (GCVE-0-2026-43999)
Vulnerability from cvelistv5 – Published: 2026-05-13 17:21 – Updated: 2026-05-15 03:55
VLAI
EPSS
Title
vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox escape
Summary
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0.
Severity
9.9 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/patriksimek/vm2/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| patriksimek | vm2 |
Affected:
< 3.11.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43999",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:55:54.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vm2",
"vendor": "patriksimek",
"versions": [
{
"status": "affected",
"version": "\u003c 3.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM\u0027s builtin allowlist can be bypassed when the module builtin is allowed (including via the \u0027*\u0027 wildcard). The module builtin exposes Node\u0027s Module._load(), which loads any module by name directly in the host context, completely bypassing vm2\u0027s builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:21:22.308Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8"
}
],
"source": {
"advisory": "GHSA-947f-4v7f-x2v8",
"discovery": "UNKNOWN"
},
"title": "vm2: NodeVM builtin allowlist bypass via `module` builtin\u0027s `Module._load` allows sandbox escape"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43999",
"datePublished": "2026-05-13T17:21:22.308Z",
"dateReserved": "2026-05-04T20:24:31.917Z",
"dateUpdated": "2026-05-15T03:55:54.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-43999",
"date": "2026-06-17",
"epss": "0.00669",
"percentile": "0.47038"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43999\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T18:16:16.450\",\"lastModified\":\"2026-05-14T16:16:23.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM\u0027s builtin allowlist can be bypassed when the module builtin is allowed (including via the \u0027*\u0027 wildcard). The module builtin exposes Node\u0027s Module._load(), which loads any module by name directly in the host context, completely bypassing vm2\u0027s builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"3.11.0\",\"matchCriteriaId\":\"6DD48308-6219-4C66-9BE7-246EE56FB834\"}]}]}],\"references\":[{\"url\":\"https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-43999\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-14T15:34:45.749353Z\"}}}], \"references\": [{\"url\": \"https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-14T15:35:08.357Z\"}}], \"cna\": {\"title\": \"vm2: NodeVM builtin allowlist bypass via `module` builtin\u0027s `Module._load` allows sandbox escape\", \"source\": {\"advisory\": \"GHSA-947f-4v7f-x2v8\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"patriksimek\", \"product\": \"vm2\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.11.0\"}]}], \"references\": [{\"url\": \"https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8\", \"name\": \"https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM\u0027s builtin allowlist can be bypassed when the module builtin is allowed (including via the \u0027*\u0027 wildcard). The module builtin exposes Node\u0027s Module._load(), which loads any module by name directly in the host context, completely bypassing vm2\u0027s builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T17:21:22.308Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-43999\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-15T03:55:54.967Z\", \"dateReserved\": \"2026-05-04T20:24:31.917Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T17:21:22.308Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-43999
Vulnerability from fkie_nvd - Published: 2026-05-13 18:16 - Updated: 2026-06-17 10:50
Severity
Summary
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8 | Exploit, Mitigation, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8 | Exploit, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vm2_project | vm2 | * |
{
"affected": [
{
"affectedData": [
{
"product": "vm2",
"vendor": "patriksimek",
"versions": [
{
"status": "affected",
"version": "\u003c 3.11.0"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vm2_project:vm2:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6DD48308-6219-4C66-9BE7-246EE56FB834",
"versionEndExcluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM\u0027s builtin allowlist can be bypassed when the module builtin is allowed (including via the \u0027*\u0027 wildcard). The module builtin exposes Node\u0027s Module._load(), which loads any module by name directly in the host context, completely bypassing vm2\u0027s builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution. This vulnerability is fixed in 3.11.0."
}
],
"id": "CVE-2026-43999",
"lastModified": "2026-06-17T10:50:11.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-43999",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T00:00:00+00:00",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-13T18:16:16.450",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-947F-4V7F-X2V8
Vulnerability from github – Published: 2026-05-07 04:08 – Updated: 2026-05-14 20:36
VLAI
Summary
vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape
Details
Summary
NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load(), which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed code to load excluded builtins like child_process and achieve remote code execution.
Severity
Critical (CVSS 3.1: 9.9)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Attack Vector: Network — sandboxed code is typically received from external sources (user-submitted scripts, plugin code)
- Attack Complexity: Low — no special conditions required;
['*', '-child_process']is a common, documented pattern - Privileges Required: Low — attacker needs only the ability to submit code to the sandbox, which is the intended use case
- User Interaction: None
- Scope: Changed — escape from sandbox boundary to host system
- Confidentiality Impact: High — arbitrary command execution on the host
- Integrity Impact: High — arbitrary command execution on the host
- Availability Impact: High — arbitrary command execution on the host
Affected Component
lib/builtin.js—makeBuiltinsFromLegacyOptions()(lines 109-117) — includesmodulein'*'expansionlib/builtin.js—addDefaultBuiltin()(lines 86-90) — loadsmodulewith generic readonly wrapperlib/builtin.js—SPECIAL_MODULES(line 61) — does NOT includemodule
CWE
- CWE-863: Incorrect Authorization
Description
Root Cause: The module builtin provides unrestricted host module loading
When builtin: ['*', '-child_process'] is configured, makeBuiltinsFromLegacyOptions iterates over BUILTIN_MODULES and adds all modules not explicitly excluded:
// lib/builtin.js:40
const BUILTIN_MODULES = (nmod.builtinModules || Object.getOwnPropertyNames(process.binding('natives')))
.filter(s=>!s.startsWith('internal/'));
// lib/builtin.js:109-117
if (Array.isArray(builtins)) {
const def = builtins.indexOf('*') >= 0;
if (def) {
for (let i = 0; i < BUILTIN_MODULES.length; i++) {
const name = BUILTIN_MODULES[i];
if (builtins.indexOf(`-${name}`) === -1) {
addDefaultBuiltin(res, name, hostRequire);
}
}
}
Node's builtinModules includes 'module' (verified: require('module').builtinModules.includes('module') → true). Since only '-child_process' is excluded, 'module' passes the filter and gets added.
The module builtin is NOT in SPECIAL_MODULES (which only covers events, buffer, util), so it gets the generic loader:
// lib/builtin.js:86-90
function addDefaultBuiltin(builtins, key, hostRequire) {
if (builtins.has(key)) return;
const special = SPECIAL_MODULES[key];
builtins.set(key, special ? special : vm => vm.readonly(hostRequire(key)));
}
This wraps Node's Module class in a readonly proxy and hands it to the sandbox.
The readonly proxy does not prevent method calls
ReadOnlyHandler (bridge.js:940-983) only overrides mutation traps: set, setPrototypeOf, defineProperty, deleteProperty, isExtensible, preventExtensions. It does NOT override get or apply, which are inherited from BaseHandler.
BaseHandler.apply() (bridge.js:665-677) forwards function calls directly to the host context:
apply(target, context, args) {
const object = getHandlerObject(this);
let ret;
try {
context = otherFromThis(context);
args = otherFromThisArguments(args);
ret = otherReflectApply(object, context, args);
} catch (e) {
throw thisFromOtherForThrow(e);
}
return thisFromOther(ret);
}
So Module._load('child_process') is forwarded to Node's native Module._load in the host context, which loads child_process without any vm2 allowlist check.
Inconsistent defense: some builtins are isolated, module is not
The codebase IS aware that certain builtins need special handling:
events: Gets a complete sandbox-native reimplementation vialib/events.jsbuffer: Custom loader that only exposes theBufferclassutil: Custom loader that replacesinheritswith a sandbox-safe version
But module — which provides access to the host's entire module loading infrastructure via Module._load, Module._resolveFilename, etc. — gets no special treatment at all.
Full execution chain
- Host configures
NodeVMwithbuiltin: ['*', '-child_process'] makeBuiltinsFromLegacyOptionsadds'module'to allowed builtins (not excluded)- Sandbox code calls
require('module')→ resolver finds'module'in builtins →loadBuiltinModule('module') - Loader calls
vm.readonly(hostRequire('module'))→ returns readonly proxy of Node'sModuleclass - Sandbox reads
Module._load→BaseHandler.get()returns proxied function - Sandbox calls
Module._load('child_process')→BaseHandler.apply()forwards to host - Host's
Module._loadloadschild_processnatively (no vm2 check involved) child_processmodule proxied back to sandbox- Sandbox calls
child_process.execSync('id')→ executes on host → RCE
Proof of Concept
const { NodeVM } = require('vm2');
// Developer thinks child_process is blocked
const vm = new NodeVM({
require: {
builtin: ['*', '-child_process'],
external: false,
},
});
const out = vm.run(`
const Module = require('module');
// Module._load bypasses vm2's builtin allowlist entirely
const cp = Module._load('child_process');
module.exports = cp.execSync('id').toString();
`, 'poc.js');
console.log(out.trim()); // prints host uid/gid — RCE achieved
Impact
- Complete builtin allowlist bypass: Any configuration that allows the
modulebuiltin (including['*', '-X']patterns) can load ANY builtin, including explicitly excluded ones. - Remote code execution: Sandboxed code can execute arbitrary commands on the host via
child_process.execSync. - Common configuration affected: The
['*', '-child_process', '-fs']pattern is documented and widely used by developers who want "all builtins except dangerous ones." - No special conditions: Unlike environment-dependent attacks, this works on every Node.js version, every OS, and every vm2 deployment that uses the
'*'wildcard. - Additional attack surfaces via
module: Beyond_load, theModuleclass also exposes_resolveFilename,_cache,_pathCache, and other internals that could be abused.
Recommended Remediation
Option 1: Exclude module from BUILTIN_MODULES entirely (Preferred)
The module builtin provides unrestricted host module loading and should never be exposed to the sandbox:
// lib/builtin.js:40
const DANGEROUS_BUILTINS = new Set(['module', 'worker_threads', 'cluster']);
const BUILTIN_MODULES = (nmod.builtinModules || Object.getOwnPropertyNames(process.binding('natives')))
.filter(s => !s.startsWith('internal/') && !DANGEROUS_BUILTINS.has(s));
This prevents module from being included even with the '*' wildcard. Consider also blocking worker_threads and cluster which can spawn processes.
Option 2: Add module to SPECIAL_MODULES with a safe wrapper
If module must be accessible, provide a sandbox-safe version that only exposes safe APIs:
// lib/builtin.js
const SPECIAL_MODULES = {
events: { /* ... existing ... */ },
buffer: defaultBuiltinLoaderBuffer,
util: defaultBuiltinLoaderUtil,
module: function defaultBuiltinLoaderModule(vm) {
// Only expose safe, read-only metadata — no _load, no _resolveFilename
return vm.readonly({
builtinModules: [...nmod.builtinModules],
// Omit _load, _resolveFilename, _cache, createRequire, etc.
});
}
};
Tradeoff: Breaks sandbox code that legitimately uses Module APIs, but those APIs are inherently unsafe in a sandbox context.
Credit
This vulnerability was discovered and reported by bugbunny.ai.
Severity
9.9 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "vm2"
},
"ranges": [
{
"events": [
{
"introduced": "3.10.5"
},
{
"fixed": "3.11.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.10.5"
]
}
],
"aliases": [
"CVE-2026-43999"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T04:08:55Z",
"nvd_published_at": "2026-05-13T18:16:16Z",
"severity": "CRITICAL"
},
"details": "## Summary\nNodeVM\u0027s `builtin` allowlist can be bypassed when the `module` builtin is allowed (including via the `\u0027*\u0027` wildcard). The `module` builtin exposes Node\u0027s `Module._load()`, which loads any module by name directly in the host context, completely bypassing vm2\u0027s builtin restriction. This allows sandboxed code to load excluded builtins like `child_process` and achieve remote code execution.\n\n## Severity\n**Critical** (CVSS 3.1: 9.9)\n\n`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`\n\n- **Attack Vector:** Network \u2014 sandboxed code is typically received from external sources (user-submitted scripts, plugin code)\n- **Attack Complexity:** Low \u2014 no special conditions required; `[\u0027*\u0027, \u0027-child_process\u0027]` is a common, documented pattern\n- **Privileges Required:** Low \u2014 attacker needs only the ability to submit code to the sandbox, which is the intended use case\n- **User Interaction:** None\n- **Scope:** Changed \u2014 escape from sandbox boundary to host system\n- **Confidentiality Impact:** High \u2014 arbitrary command execution on the host\n- **Integrity Impact:** High \u2014 arbitrary command execution on the host\n- **Availability Impact:** High \u2014 arbitrary command execution on the host\n\n## Affected Component\n- `lib/builtin.js` \u2014 `makeBuiltinsFromLegacyOptions()` (lines 109-117) \u2014 includes `module` in `\u0027*\u0027` expansion\n- `lib/builtin.js` \u2014 `addDefaultBuiltin()` (lines 86-90) \u2014 loads `module` with generic readonly wrapper\n- `lib/builtin.js` \u2014 `SPECIAL_MODULES` (line 61) \u2014 does NOT include `module`\n\n## CWE\n- **CWE-863**: Incorrect Authorization\n\n## Description\n\n### Root Cause: The `module` builtin provides unrestricted host module loading\n\nWhen `builtin: [\u0027*\u0027, \u0027-child_process\u0027]` is configured, `makeBuiltinsFromLegacyOptions` iterates over `BUILTIN_MODULES` and adds all modules not explicitly excluded:\n\n```js\n// lib/builtin.js:40\nconst BUILTIN_MODULES = (nmod.builtinModules || Object.getOwnPropertyNames(process.binding(\u0027natives\u0027)))\n .filter(s=\u003e!s.startsWith(\u0027internal/\u0027));\n\n// lib/builtin.js:109-117\nif (Array.isArray(builtins)) {\n const def = builtins.indexOf(\u0027*\u0027) \u003e= 0;\n if (def) {\n for (let i = 0; i \u003c BUILTIN_MODULES.length; i++) {\n const name = BUILTIN_MODULES[i];\n if (builtins.indexOf(`-${name}`) === -1) {\n addDefaultBuiltin(res, name, hostRequire);\n }\n }\n }\n```\n\nNode\u0027s `builtinModules` includes `\u0027module\u0027` (verified: `require(\u0027module\u0027).builtinModules.includes(\u0027module\u0027)` \u2192 `true`). Since only `\u0027-child_process\u0027` is excluded, `\u0027module\u0027` passes the filter and gets added.\n\nThe `module` builtin is NOT in `SPECIAL_MODULES` (which only covers `events`, `buffer`, `util`), so it gets the generic loader:\n\n```js\n// lib/builtin.js:86-90\nfunction addDefaultBuiltin(builtins, key, hostRequire) {\n if (builtins.has(key)) return;\n const special = SPECIAL_MODULES[key];\n builtins.set(key, special ? special : vm =\u003e vm.readonly(hostRequire(key)));\n}\n```\n\nThis wraps Node\u0027s `Module` class in a readonly proxy and hands it to the sandbox.\n\n### The readonly proxy does not prevent method calls\n\n`ReadOnlyHandler` (bridge.js:940-983) only overrides mutation traps: `set`, `setPrototypeOf`, `defineProperty`, `deleteProperty`, `isExtensible`, `preventExtensions`. It does NOT override `get` or `apply`, which are inherited from `BaseHandler`.\n\n`BaseHandler.apply()` (bridge.js:665-677) forwards function calls directly to the host context:\n\n```js\napply(target, context, args) {\n const object = getHandlerObject(this);\n let ret;\n try {\n context = otherFromThis(context);\n args = otherFromThisArguments(args);\n ret = otherReflectApply(object, context, args);\n } catch (e) {\n throw thisFromOtherForThrow(e);\n }\n return thisFromOther(ret);\n}\n```\n\nSo `Module._load(\u0027child_process\u0027)` is forwarded to Node\u0027s native `Module._load` in the host context, which loads `child_process` without any vm2 allowlist check.\n\n### Inconsistent defense: some builtins are isolated, `module` is not\n\nThe codebase IS aware that certain builtins need special handling:\n\n- `events`: Gets a complete sandbox-native reimplementation via `lib/events.js`\n- `buffer`: Custom loader that only exposes the `Buffer` class\n- `util`: Custom loader that replaces `inherits` with a sandbox-safe version\n\nBut `module` \u2014 which provides access to the host\u0027s entire module loading infrastructure via `Module._load`, `Module._resolveFilename`, etc. \u2014 gets no special treatment at all.\n\n### Full execution chain\n\n1. Host configures `NodeVM` with `builtin: [\u0027*\u0027, \u0027-child_process\u0027]`\n2. `makeBuiltinsFromLegacyOptions` adds `\u0027module\u0027` to allowed builtins (not excluded)\n3. Sandbox code calls `require(\u0027module\u0027)` \u2192 resolver finds `\u0027module\u0027` in builtins \u2192 `loadBuiltinModule(\u0027module\u0027)`\n4. Loader calls `vm.readonly(hostRequire(\u0027module\u0027))` \u2192 returns readonly proxy of Node\u0027s `Module` class\n5. Sandbox reads `Module._load` \u2192 `BaseHandler.get()` returns proxied function\n6. Sandbox calls `Module._load(\u0027child_process\u0027)` \u2192 `BaseHandler.apply()` forwards to host\n7. Host\u0027s `Module._load` loads `child_process` natively (no vm2 check involved)\n8. `child_process` module proxied back to sandbox\n9. Sandbox calls `child_process.execSync(\u0027id\u0027)` \u2192 executes on host \u2192 RCE\n\n## Proof of Concept\n\n```js\nconst { NodeVM } = require(\u0027vm2\u0027);\n\n// Developer thinks child_process is blocked\nconst vm = new NodeVM({\n require: {\n builtin: [\u0027*\u0027, \u0027-child_process\u0027],\n external: false,\n },\n});\n\nconst out = vm.run(`\n const Module = require(\u0027module\u0027);\n // Module._load bypasses vm2\u0027s builtin allowlist entirely\n const cp = Module._load(\u0027child_process\u0027);\n module.exports = cp.execSync(\u0027id\u0027).toString();\n`, \u0027poc.js\u0027);\n\nconsole.log(out.trim()); // prints host uid/gid \u2014 RCE achieved\n```\n\n## Impact\n- **Complete builtin allowlist bypass**: Any configuration that allows the `module` builtin (including `[\u0027*\u0027, \u0027-X\u0027]` patterns) can load ANY builtin, including explicitly excluded ones.\n- **Remote code execution**: Sandboxed code can execute arbitrary commands on the host via `child_process.execSync`.\n- **Common configuration affected**: The `[\u0027*\u0027, \u0027-child_process\u0027, \u0027-fs\u0027]` pattern is documented and widely used by developers who want \"all builtins except dangerous ones.\"\n- **No special conditions**: Unlike environment-dependent attacks, this works on every Node.js version, every OS, and every vm2 deployment that uses the `\u0027*\u0027` wildcard.\n- **Additional attack surfaces via `module`**: Beyond `_load`, the `Module` class also exposes `_resolveFilename`, `_cache`, `_pathCache`, and other internals that could be abused.\n\n## Recommended Remediation\n\n### Option 1: Exclude `module` from `BUILTIN_MODULES` entirely (Preferred)\n\nThe `module` builtin provides unrestricted host module loading and should never be exposed to the sandbox:\n\n```js\n// lib/builtin.js:40\nconst DANGEROUS_BUILTINS = new Set([\u0027module\u0027, \u0027worker_threads\u0027, \u0027cluster\u0027]);\n\nconst BUILTIN_MODULES = (nmod.builtinModules || Object.getOwnPropertyNames(process.binding(\u0027natives\u0027)))\n .filter(s =\u003e !s.startsWith(\u0027internal/\u0027) \u0026\u0026 !DANGEROUS_BUILTINS.has(s));\n```\n\nThis prevents `module` from being included even with the `\u0027*\u0027` wildcard. Consider also blocking `worker_threads` and `cluster` which can spawn processes.\n\n### Option 2: Add `module` to `SPECIAL_MODULES` with a safe wrapper\n\nIf `module` must be accessible, provide a sandbox-safe version that only exposes safe APIs:\n\n```js\n// lib/builtin.js\nconst SPECIAL_MODULES = {\n events: { /* ... existing ... */ },\n buffer: defaultBuiltinLoaderBuffer,\n util: defaultBuiltinLoaderUtil,\n module: function defaultBuiltinLoaderModule(vm) {\n // Only expose safe, read-only metadata \u2014 no _load, no _resolveFilename\n return vm.readonly({\n builtinModules: [...nmod.builtinModules],\n // Omit _load, _resolveFilename, _cache, createRequire, etc.\n });\n }\n};\n```\n\n**Tradeoff**: Breaks sandbox code that legitimately uses `Module` APIs, but those APIs are inherently unsafe in a sandbox context.\n\n## Credit\nThis vulnerability was discovered and reported by [bugbunny.ai](https://bugbunny.ai).",
"id": "GHSA-947f-4v7f-x2v8",
"modified": "2026-05-14T20:36:36Z",
"published": "2026-05-07T04:08:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43999"
},
{
"type": "PACKAGE",
"url": "https://github.com/patriksimek/vm2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "vm2 has a NodeVM builtin allowlist bypass via `module` builtin\u0027s `Module._load` that allows sandbox escape"
}
WID-SEC-W-2026-1349
Vulnerability from csaf_certbund - Published: 2026-05-03 22:00 - Updated: 2026-06-16 22:00Summary
vm2: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: vm2 ist eine Sandbox, in der nicht vertrauenswürdiger Code der in Node integrierten Module ausgeführt werden kann.
Angriff: Ein Angreifer kann mehrere Schwachstellen in vm2 ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Open Source vm2 <3.11.1
Open Source / vm2
|
<3.11.1 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source vm2
Open Source / vm2
|
cpe:/a:vm2_project:vm2:-
|
— |
References
23 references
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "vm2 ist eine Sandbox, in der nicht vertrauensw\u00fcrdiger Code der in Node integrierten Module ausgef\u00fchrt werden kann.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in vm2 ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1349 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1349.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1349 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1349"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2cm2-m3w5-gp2f vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-2cm2-m3w5-gp2f"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-47x8-96vw-5wg6 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-47x8-96vw-5wg6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-55hx-c926-fr95 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-55hx-c926-fr95"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6785-pvv7-mvg7 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-6785-pvv7-mvg7"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-8hg8-63c5-gwmx vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-8hg8-63c5-gwmx"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-947f-4v7f-x2v8 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-947f-4v7f-x2v8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-9qj6-qjgg-37qq vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9qj6-qjgg-37qq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-9vg3-4rfj-wgcm vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9vg3-4rfj-wgcm"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cp6g-6699-wx9c vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-ffh4-j6h5-pg66 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-ffh4-j6h5-pg66"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-grj5-jjm8-h35p vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-grj5-jjm8-h35p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-hw58-p9xv-2mjh vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-hw58-p9xv-2mjh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-mpf8-4hx2-7cjg vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-mpf8-4hx2-7cjg"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qcp4-v2jj-fjx8 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-qcp4-v2jj-fjx8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qvjj-29qf-hp7p vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-qvjj-29qf-hp7p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v27g-jcqj-v8rw vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v27g-jcqj-v8rw"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v37h-5mfm-c47c vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-vwrp-x96c-mhwq vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-vwrp-x96c-mhwq"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-wp5r-2gw5-m7q7 vom 2026-05-03",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-wp5r-2gw5-m7q7"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-7292 vom 2026-05-29",
"url": "http://linux.oracle.com/errata/ELSA-2026-7292.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26234 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26234"
}
],
"source_lang": "en-US",
"title": "vm2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T09:01:01.290+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1349",
"initial_release_date": "2026-05-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-26995, EUVD-2026-26993, EUVD-2026-26987, EUVD-2026-26984, EUVD-2026-26986"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "3",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "4",
"summary": "Referenz(en) aufgenommen: EUVD-2026-30071, EUVD-2026-30079, EUVD-2026-30074, EUVD-2026-30073, EUVD-2026-30067, EUVD-2026-30076, EUVD-2026-30077, EUVD-2026-30075, EUVD-2026-30072, EUVD-2026-30069, EUVD-2026-30070, EUVD-2026-30078"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.11.1",
"product": {
"name": "Open Source vm2 \u003c3.11.1",
"product_id": "T053508"
}
},
{
"category": "product_version",
"name": "3.11.1",
"product": {
"name": "Open Source vm2 3.11.1",
"product_id": "T053508-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:vm2_project:vm2:3.11.1"
}
}
},
{
"category": "product_name",
"name": "Open Source vm2",
"product": {
"name": "Open Source vm2",
"product_id": "T053510",
"product_identification_helper": {
"cpe": "cpe:/a:vm2_project:vm2:-"
}
}
}
],
"category": "product_name",
"name": "vm2"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-22709",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-22709"
},
{
"cve": "CVE-2026-24118",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-24118"
},
{
"cve": "CVE-2026-24120",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-24120"
},
{
"cve": "CVE-2026-24781",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-24781"
},
{
"cve": "CVE-2026-26332",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-26332"
},
{
"cve": "CVE-2026-26956",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-26956"
},
{
"cve": "CVE-2026-43997",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-43997"
},
{
"cve": "CVE-2026-43999",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-43999"
},
{
"cve": "CVE-2026-44000",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44000"
},
{
"cve": "CVE-2026-44001",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44001"
},
{
"cve": "CVE-2026-44002",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44002"
},
{
"cve": "CVE-2026-44003",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44003"
},
{
"cve": "CVE-2026-44005",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44005"
},
{
"cve": "CVE-2026-44006",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44006"
},
{
"cve": "CVE-2026-44007",
"product_status": {
"known_affected": [
"67646",
"T053508",
"T004914",
"T053510"
]
},
"release_date": "2026-05-03T22:00:00.000+00:00",
"title": "CVE-2026-44007"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…