CVE-2026-47139
Status: Deferred - Pending Action
HTTP Request Bypass in vm2 Sandbox

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: GitHub, Inc.

Description
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes underscored internal HTTP builtins such as _http_client and _http_server. These are not blocked when the public modules are excluded. Sandboxed code can use these internal builtins to make outbound HTTP requests and open listening HTTP sockets even though the public network modules are denied. This issue has been patched in version 3.11.4.
Meta Information
Generated: 2026-06-12
AI Q&A: 2026-06-12
EPSS Evaluated: N/A
References: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor | Product | Version / Range
patriksimek | vm2 | < 3.11.4 (affected)
patriksimek | vm2 | >= 3.11.4 (fixed)
CWE
CWE-693 Protection Mechanism Failure: The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Executive Summary

CVE-2026-47139 is a vulnerability in the vm2 library's NodeVM sandbox for Node.js. The issue arises because when network-related built-in modules like http, https, net, and others are excluded from the sandbox, internal underscored modules such as _http_client and _http_server are not blocked. These internal modules are undocumented but still accessible, allowing sandboxed code to bypass restrictions and perform network operations like making outbound HTTP requests or opening listening sockets.

This happens because the wildcard builtin option in NodeVM expands to every Node.js builtin, including the underscored internal ones, while the exclusion mechanism removes only the exact public names it is given and not their internal siblings. As a result, even when the public network modules are denied, modules such as _http_client and _http_server remain requirable, and the network restriction the sandbox configuration was meant to enforce is defeated. The code stays inside the sandbox; what is lost is the network restriction, not host isolation.

The vulnerability was patched in version 3.11.4 by filtering out any builtin module names starting with an underscore from the allowed modules list, preventing these internal modules from being included in the sandbox by default.

Compliance Impact

This vulnerability allows sandboxed code to bypass network restrictions and perform unauthorized outbound HTTP requests or open listening sockets. Such unauthorized network access could lead to data exfiltration or unauthorized internal network communication.

Because of this, organizations using vulnerable versions of vm2 may face increased risk of data breaches or unauthorized access to sensitive information, which could impact compliance with data protection standards and regulations such as GDPR or HIPAA that require strict controls over data access and transmission.

Mitigating this vulnerability by upgrading to vm2 version 3.11.4 or later is important to maintain compliance with these standards by ensuring sandboxed environments cannot bypass network restrictions.

Impact Analysis

This vulnerability can allow an attacker who can execute code inside the vm2 sandbox to bypass network restrictions and perform Server-Side Request Forgery (SSRF) style attacks.

  • The attacker can make outbound HTTP requests from the sandboxed environment, potentially accessing internal or sensitive network resources.
  • The attacker can open listening HTTP sockets, exposing an attacker-controlled service on the host's network interfaces that can serve as a reverse channel, a relay for other sandboxed payloads, or an endpoint reachable by external parties.
  • This could lead to unauthorized access to localhost services, cloud metadata endpoints, or other internal network endpoints that should have been protected by the sandbox.

Overall, this vulnerability compromises the isolation guarantees of the sandbox, increasing the risk of data exposure or further attacks on internal systems.

Detection Guidance

This vulnerability involves sandboxed code using internal underscored builtins like _http_client and _http_server to bypass network restrictions. Detection involves monitoring for usage or loading of these internal modules within the vm2 sandbox environment.

You can detect attempts to exploit this vulnerability by checking whether sandboxed code requires modules with names starting with an underscore, such as '_http_client' or '_http_server'. Note that a textual search only finds literal, unobfuscated require calls; a name built by concatenation (require('_' + 'http_client')) or read from a variable will not match, so treat a clean grep as weak evidence.

Suggested commands include searching your codebase or runtime logs for require calls to these internal modules, for example:

  • grep -rnE "require[[:space:]]*\([[:space:]]*['\"]_" /path/to/your/code
  • grep -rnE "_(http_client|http_server|tls_wrap)\b" /path/to/your/code

Additionally, monitoring network activity from sandboxed processes for unexpected outbound HTTP requests or listening sockets may help detect exploitation attempts.

Mitigation Strategies

The primary mitigation is to upgrade vm2 to version 3.11.4 or later, where the vulnerability has been patched by excluding all underscored internal builtins from the wildcard builtin modules list.

If upgrading immediately is not possible, stop relying on the wildcard and pass an explicit allowlist containing only the builtins the workload actually needs. Where the wildcard must stay, exclude the internal underscored modules ('_http_client', '_http_server', '_tls_wrap' and the rest of Node's _http_*, _tls_* and _stream_* family) alongside the public ones. Be aware that the set of underscored builtins differs between Node.js releases, so a denylist has to be regenerated for each runtime; require('module').builtinModules enumerates the names present in the running process.

Review and restrict sandbox permissions to prevent sandboxed code from requiring or accessing these internal modules.

Monitor and audit sandboxed code behavior for any network activity that should be blocked.
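
The executive summary above explains how the wildcard expansion and exact-name exclusion leave the underscored modules reachable, and the mitigation section recommends moving to an explicit or underscore-filtered allowlist. The following added example models both resolutions side by side; it is not vm2's code, and the "*" / "-module" spec syntax, the expansion order and the builtin list are assumptions that model the behaviour the advisory describes rather than vm2's implementation. The builtin list is a constructed subset of require('module').builtinModules so the result is the same on every Node.js release; the stand-alone run passes the live list instead.

```javascript
// Added example, not vm2's own code: a simplified model of how a wildcard
// builtin allowlist with "-module" exclusions resolves, showing why Node's
// underscored internal builtins survive exclusion of the public network modules,
// beside the hardened resolution the page describes for 3.11.4.
'use strict';

// Constructed subset of require('module').builtinModules, frozen so the example
// behaves identically on every Node.js release; pass the real list for a live check.
const SAMPLE_BUILTINS = [
  'fs', 'path', 'http', 'https', 'http2', 'net', 'dgram', 'tls', 'dns', 'dns/promises',
  '_http_agent', '_http_client', '_http_common', '_http_incoming', '_http_outgoing',
  '_http_server', '_stream_duplex', '_tls_common', '_tls_wrap',
];

// The public network modules the advisory says the exclusion list blocks.
const PUBLIC_NETWORK = ['http', 'https', 'http2', 'net', 'dgram', 'tls', 'dns', 'dns/promises'];

// Spec mirroring the vulnerable configuration: everything, minus the public
// network modules (assumed syntax: '*' wildcard, '-name' exclusion).
const NETWORK_DENY_SPEC = ['*', ...PUBLIC_NETWORK.map((m) => '-' + m)];

// Naive resolution: '*' expands to every builtin name and '-name' removes that
// exact name only. Nothing ties '-http' to '_http_client', so the internal
// siblings remain allowed.
function resolveBuiltinsNaive(spec, builtins) {
  const allowed = new Set();
  for (const entry of spec) {
    if (entry === '*') builtins.forEach((b) => allowed.add(b));
    else if (entry.startsWith('-')) allowed.delete(entry.slice(1));
    else allowed.add(entry);
  }
  return [...allowed].sort();
}

// Hardened resolution: underscored internal builtins are dropped from the
// wildcard expansion, and exclusions are applied after all additions so that
// spec order cannot re-enable an excluded module.
function resolveBuiltinsHardened(spec, builtins) {
  const allowed = new Set();
  const excluded = new Set();
  for (const entry of spec) {
    if (entry === '*') builtins.filter((b) => !b.startsWith('_')).forEach((b) => allowed.add(b));
    else if (entry.startsWith('-')) excluded.add(entry.slice(1));
    else allowed.add(entry);
  }
  return [...allowed].filter((b) => !excluded.has(b)).sort();
}

// Internal names still reachable after resolution; any entry here means the
// network restriction can be bypassed from inside the sandbox.
function leakedInternals(allowed) {
  return allowed.filter((b) => b.startsWith('_'));
}

// Resolve the same spec both ways and report what each leaves reachable.
function compareResolutions(builtins = SAMPLE_BUILTINS) {
  const naive = resolveBuiltinsNaive(NETWORK_DENY_SPEC, builtins);
  const hardened = resolveBuiltinsHardened(NETWORK_DENY_SPEC, builtins);
  return {
    naiveLeaks: leakedInternals(naive),
    hardenedLeaks: leakedInternals(hardened),
    hardened,
  };
}

// Stand-alone run against the live builtin list of the current Node.js process.
if (typeof require === 'function' && typeof module !== 'undefined' && require.main === module) {
  const result = compareResolutions(require('module').builtinModules);
  console.log('internal builtins reachable with the naive wildcard:', result.naiveLeaks);
  console.log('internal builtins reachable after hardening:', result.hardenedLeaks);
}
```

With the constructed list, the naive resolution still allows all nine underscored modules after the eight public network names are excluded, while the hardened resolution allows only fs and path. Running the file directly prints the same comparison for the builtins of whatever Node.js version is installed, which is the quickest way to see which internal names a given runtime exposes.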
