Security Advisory - Published 2026-06-13 - Node.js / vm2

vm2 June 2026 CVE batch: check sandbox use before 3.11.4

Services that run customer code, formulas, plugins, workflow scripts, or AI-generated JavaScript through vm2 should treat this batch as urgent. Multiple findings affect vm2 before 3.11.4 and can break the expected sandbox boundary.

Defensive scope: this page covers inventory, dependency upgrades, isolation review, and log checks. It does not include sandbox escape snippets, payloads, or validation against third-party systems.

Who should check

  • Node.js apps that evaluate user-supplied JavaScript, formulas, or workflow code.
  • SaaS products that use vm2 for plugin, automation, or custom-script execution.
  • Internal tools that run AI-generated code in a server-side sandbox.
  • CI systems or bots that execute repository-provided JavaScript.

Version and dependency checks

npm ls vm2                                  # direct and nested copies in an npm project
pnpm why vm2                                # why vm2 is installed in a pnpm project
yarn why vm2                                # same for yarn
rg '"vm2"|from "vm2"|require\("vm2"\)' .    # import sites, including vendored or copied code

Any vm2 version below 3.11.4 should be upgraded. Check lock files and container images; a direct dependency can be fixed while an older transitive copy remains in another service.
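The lock-file check above is the one that catches the stale transitive copy. As an added example (not vm2's or Ping7's code), this script walks a parsed package-lock.json, lists every installed vm2 copy with its install path, and flags those below 3.11.4; it assumes the npm lockfile v2/v3 layout ("packages" keyed by path) or v1 (nested "dependencies"), and the sample lock is constructed.

```javascript
// Added example: find every vm2 copy in a package-lock.json and flag versions below the fix.
const FIXED = "3.11.4"; // first fixed version per the advisory

// Compare dotted numeric versions: negative if a < b, 0 if equal, positive if a > b.
// Non-numeric suffixes ("3.9.19-beta") are ignored via parseInt.
function compareVersions(a, b) {
  const pa = a.split(".").map((x) => parseInt(x, 10) || 0);
  const pb = b.split(".").map((x) => parseInt(x, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect { path, version, vulnerable } for each vm2 entry in a parsed lock file.
function findVm2Copies(lock) {
  const found = [];
  if (lock.packages) { // lockfile v2/v3: flat map keyed by install path
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p === "node_modules/vm2" || p.endsWith("/node_modules/vm2")) {
        found.push({ path: p, version: meta.version });
      }
    }
  } else if (lock.dependencies) { // lockfile v1: nested dependency tree
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const p = `${prefix}node_modules/${name}`;
        if (name === "vm2") found.push({ path: p, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, p + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return found.map((c) => ({ ...c, vulnerable: compareVersions(c.version, FIXED) < 0 }));
}

// Constructed sample lock: the direct dependency is patched, but a plugin package
// still pins an older vm2 underneath it (the case the advisory warns about).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/vm2": { version: "3.11.4" },
    "node_modules/plugin-runner": { version: "2.0.0" },
    "node_modules/plugin-runner/node_modules/vm2": { version: "3.9.19" },
  },
};

for (const c of findVm2Copies(SAMPLE_LOCK)) {
  console.log(`${c.path} ${c.version} ${c.vulnerable ? "UPGRADE" : "ok"}`);
}
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))` and repeat per service and container image, since each has its own lock.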

Exposure checks

  • Identify every endpoint, queue worker, or admin tool that accepts code or expressions from users.
  • Check whether sandboxed code can reach secrets, filesystem paths, network clients, or cloud metadata.
  • Review recent sandbox errors, unexpected outbound requests, and worker restarts.
  • Rotate tokens used by sandbox workers if untrusted code ran before the patch.

Safe fix path

  1. Upgrade vm2 to 3.11.4 or later in every Node.js service and worker image.
  2. Rebuild containers from a clean lock file and redeploy workers before web frontends.
  3. Disable customer-code execution while the patch is being rolled out if exposure is unclear.
  4. Review sandbox worker logs and outbound network telemetry for the advisory window.
  5. Consider moving untrusted code execution into a separate runtime, account, network, and filesystem boundary.

Ping7 repair path

Ping7 can review vm2 dependency state, sandbox exposure, worker logs, and post-patch isolation for owned or client-approved systems. Use CVE Repair if untrusted code ran in production or the service stores secrets near the sandbox.

References