PT-2026-38389 · Npm · Vm2

Bugbunny-Research · Published 2026-05-01 · Updated 2026-06-04 · CVE-2026-43998

CVSS v3.1: 8.5 High

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

vm2 versions prior to 3.11.0

Description

NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in the host context. This occurs because path validation uses path.resolve(), which does not dereference symlinks, while module loading uses Node's native require() function, which does. An attacker can exploit this discrepancy to load arbitrary host-realm modules and achieve remote code execution. The issue is specifically located in the isPathAllowed() and loadJS() functions within lib/resolver-compat.js, and the resolve() function in lib/filesystem.js.

Recommendations

Update to version 3.11.0. As a temporary workaround, restrict the use of filesystem symlinks within the allowed root directory to prevent unauthorized module loading.
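
The mismatch described above, as an added example that is not vm2's code or part of the original advisory: a lexical `path.resolve()` root check accepts a path that passes through a symlink, while a check on `fs.realpathSync()` output rejects it. The helper names and the temporary directory layout are assumptions made for the illustration.

```javascript
// Added example (not vm2 code): lexical vs. symlink-aware root checks.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// True when `candidate` is `root` itself or lies beneath it.
function isInside(root, candidate) {
  const rel = path.relative(root, candidate);
  return rel === '' ||
    (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// Weak check: path.resolve() only normalizes the string, symlinks stay unresolved.
function isPathAllowedLexical(root, requested) {
  return isInside(path.resolve(root), path.resolve(requested));
}

// Hardened check: compare the real, symlink-free locations that require() would load.
function isPathAllowedReal(root, requested) {
  try {
    return isInside(fs.realpathSync(root), fs.realpathSync(requested));
  } catch {
    return false; // missing or unreadable path: deny
  }
}

// Constructed layout: <tmp>/root/link -> <tmp>/outside, which holds host.js.
function demo() {
  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'root-check-'));
  try {
    const root = path.join(tmp, 'root');
    const outside = path.join(tmp, 'outside');
    fs.mkdirSync(root);
    fs.mkdirSync(outside);
    fs.writeFileSync(path.join(root, 'ok.js'), 'module.exports = 1;');
    fs.writeFileSync(path.join(outside, 'host.js'), 'module.exports = 2;');
    fs.symlinkSync(outside, path.join(root, 'link'), 'dir');
    const viaLink = path.join(root, 'link', 'host.js');
    return {
      lexicalViaLink: isPathAllowedLexical(root, viaLink), // string is under root
      realViaLink: isPathAllowedReal(root, viaLink),       // real file is outside
      realInRoot: isPathAllowedReal(root, path.join(root, 'ok.js')),
    };
  } finally {
    fs.rmSync(tmp, { recursive: true, force: true });
  }
}

console.log(demo());
```

The loader has to open the same resolved path the check approved; validating one path and loading another leaves room for a symlink to change between the two steps.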

Exploit

Fix

Link Following

Weakness Enumeration

Related Identifiers

BDU:2026-06911
CVE-2026-43998
GHSA-CP6G-6699-WX9C

Affected Products

Vm2