
CVE-2026-22709 is a critical sandbox escape in the widely used vm2 Node.js library: JavaScript running inside the sandbox can break out and execute arbitrary commands on the host, giving an attacker remote code execution (RCE) on any system that feeds untrusted code to vm2. The flaw revives concerns about vm2's history of sandbox escapes and has been nicknamed the "Zombie Exploit" because it abuses asynchronous Promise handling.
Vulnerability Breakdown
The issue stems from inadequate sanitization of Promise.prototype.then and Promise.prototype.catch callbacks in vm2 versions before 3.10.2. An attacker bypasses sandbox isolation by crafting malicious Proxies that leak unsanitized host objects while V8 generates a stack trace, a path that is reachable on Node.js v24 and later.
In practice, the attacker triggers an async rejection whose reason is a nested Proxy, for example Promise.reject(maliciousProxy). The Proxy's traps on the 'stack' property fire before vm2's sanitization of the value runs, which hands the sandboxed code a reference to the host's Function constructor. From there, arbitrary host code is one call away, for example new Function("return process.mainModule.require('child_process').execSync('id')")() for full RCE.
Impact and Scope
With a CVSS v3.1 score of 9.8 (Critical), the vulnerability can be exploited over the network without authentication and compromises any server that runs untrusted JavaScript through vm2. All versions up to and including 3.10.1 are affected; vm2 is a dependency of roughly 900 npm packages and is commonly found in serverless functions, eval sandboxes and similar setups.
Node.js runtimes from v24 onward (including v25) are confirmed vulnerable because of V8 optimizations in those releases. vm2 has been unmaintained for a long time, but it persists in dependency trees, which amplifies the real-world risk.
Proof-of-Concept Outline
A basic exploit chain involves:
- Injecting a Proxy that intercepts property access in the sandbox.
- Forcing an async error to propagate a tainted stack trace.
- Hijacking serialization to extract host objects such as Function.
- Executing payloads via the leaked constructor.
Security researchers have shared working PoCs on GitHub that demonstrate execution of the id command within seconds.
Mitigation Strategies
- Immediate action: upgrade to vm2 3.10.2 or later, though availability of the fixed release is limited.
- Preferred fix: migrate to an actively maintained alternative such as isolated-vm, which addresses vm2's architectural flaws by running untrusted code in a separate V8 isolate rather than in the host's own context.
- Detection: scan dependency trees with npm list vm2 (it reports transitive copies as well as direct ones), test environments using the public PoCs, and deploy runtime monitors such as Penligent.
- Long-term: audit all sandboxing logic and prefer a real isolation boundary (a separate V8 isolate, process or container) over third-party in-process sandboxes. Note that Node's built-in node:vm module is explicitly documented as not a security mechanism and must not be used for untrusted code.
NVD analysis remained preliminary as of late January 2026, so track updates closely. Organizations using vm2 should prioritize patching amid rising exploit attempts in the wild.