CVE-2026-47135

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4

Description An issue exists where the Symbol.for override in setup-sandbox.js only intercepts a small portion of dangerous Node.js cross-realm symbols. This is compounded by the bridge's set(), defineProperty(), and deleteProperty() traps lacking an isDangerousCrossRealmSymbol key check. Consequently, sandbox code can obtain real cross-realm symbols and write them to host objects to control host-side behavior. This has been verified through a util.promisify hijack chain, where sandbox-controlled values are returned to the host. Additionally, this allows for semantic confusion regarding host stream type checks and WebStream internals for any non-frozen host object exposed to the sandbox, potentially bypassing host-side input validation.

Recommendations Update to version 3.11.4. As a temporary workaround, restrict the exposure of non-frozen host objects to the sandbox to minimize the risk of symbol-based property manipulation.