CVE-2026-47137 Microsoft Sentinel · KQL

Detect CVE-2026-47137 — vm2 Sandbox Escape via nesting:true Bypass (RCE) in Microsoft Sentinel

Detects exploitation of CVE-2026-47137, a critical sandbox escape vulnerability in the vm2 Node.js library (<=3.11.3). This bypass circumvents the CVE-2023-37903 patch by abusing the nesting:true configuration option without an explicit require, enabling full remote code execution from within a sandboxed context. CVSS 10.0.

MITRE ATT&CK

Tactic
Execution Privilege Escalation Lateral Movement

KQL Detection Query

Microsoft Sentinel (KQL)
kusto 
union DeviceProcessEvents, DeviceFileEvents, DeviceNetworkEvents
| where TimeGenerated > ago(7d)
| where InitiatingProcessFileName in~ ("node", "node.exe", "nodejs")
| where (
    (ProcessCommandLine has "vm2" and ProcessCommandLine has_any ("nesting", "sandbox", "VM", "require"))
    or (InitiatingProcessCommandLine has "vm2" and InitiatingProcessCommandLine has_any ("nesting:true", "sandbox escape"))
    or (FileName has_any ("vm2") and ActionType == "FileCreated" and FolderPath has "node_modules")
  )
| extend SuspiciousChildProcess = iff(
    ProcessCommandLine has_any ("child_process", "exec", "spawn", "execSync", "spawnSync", "execFileSync"),
    true, false
  )
| extend NetworkEgress = iff(
    RemoteIPType == "Public" and ActionType == "NetworkConnectionSuccess",
    true, false
  )
| where SuspiciousChildProcess == true or NetworkEgress == true
| project TimeGenerated, DeviceName, AccountName, InitiatingProcessFileName,
    InitiatingProcessCommandLine, ProcessCommandLine, RemoteIP, RemotePort,
    FileName, FolderPath, ActionType, SuspiciousChildProcess, NetworkEgress
| sort by TimeGenerated desc
critical severity high confidence

Identifies Node.js processes loading vm2 that subsequently spawn child processes or initiate outbound network connections, which may indicate exploitation of the CVE-2026-47137 sandbox escape. Correlates process, file, and network telemetry.

Data Sources

Microsoft Defender for EndpointMicrosoft SentinelAzure Monitor

Required Tables

DeviceProcessEventsDeviceFileEventsDeviceNetworkEvents

False Positives & Tuning

  • Legitimate Node.js applications using vm2 for safe sandboxing that invoke child_process for valid build or test workflows
  • CI/CD pipeline runners executing npm test suites that reference vm2 in test scaffolding
  • Developer workstations running vm2-based tooling (e.g., code playgrounds) with expected network activity
  • Automated security scanners or DAST tools that probe vm2-based endpoints and trigger benign child process spawns

Other platforms for CVE-2026-47137

Splunk (SPL) Elastic Security (Elastic) IBM QRadar (QRadar) Sumo Logic CSE (Sumo) Google Chronicle (YARA-L) CrowdStrike LogScale (LogScale) All platforms (combined) →

Testing Methodology

Validate this detection against 4 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1vm2 nesting:true Sandbox Escape via CVE-2026-47137

    Expected signal: Sysmon EventID 1 showing node process spawning with vm2 in command line; child_process.execSync call visible in process arguments; file creation event for /tmp/vm2_escape_proof.txt

  2. Test 2vm2 Vulnerable Version Installation and Verification

    Expected signal: npm install process spawning with [email protected] argument; file creation events under /tmp/vm2_test/node_modules/vm2/; network connection to npm registry (registry.npmjs.org:443)

  3. Test 3vm2 Reverse Shell Simulation Post-Escape

    Expected signal: Network connection from node process to 127.0.0.1:9999 (or configured beacon host); curl child process spawned from Node.js parent; DNS/HTTP request with CVE identifier in URI path

  4. Test 4vm2 nesting Bypass with Prototype Chain Traversal (Variant)

    Expected signal: Node.js process with vm2 in command line; fs.writeFileSync call resulting in file creation event at /tmp/vm2_variant_proof.txt; no child process spawned in this variant

Last updated: 2026-06-21 Research depth: standard
References (6)

Unlock Pro Content

Get the full detection package for CVE-2026-47137 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0002ExecutionTA0004Privilege EscalationTA0008Lateral Movement

Related Techniques

T1059.006PythonT1055Process InjectionT1068Exploitation for Privilege EscalationT1190Exploit Public-Facing Application

Same Tactic: Execution

Popular Detections