CVE-2026-47140 Google Chronicle · YARA-L

Detect CVE-2026-47140 — vm2 Builtin Denylist Bypass via process/inspector Leads to Host RCE in Google Chronicle

Detects exploitation of CVE-2026-47140, a critical sandbox escape in the npm vm2 package (versions <= 3.11.3). Attackers bypass the builtin module denylist by reaching process and inspector/promises references from inside the sandbox and use them to execute arbitrary code in the host Node.js process. CVSS 10.0. A PoC is publicly available.

MITRE ATT&CK

Tactic

  • Execution
  • Privilege Escalation
  • Lateral Movement

YARA-L Detection Query

Google Chronicle (YARA-L)

rule cve_2026_47140_vm2_sandbox_escape {
  meta:
    author = "df00tech Detection Engineering"
    description = "Detects vm2 sandbox escape via CVE-2026-47140 — builtin denylist bypass via process/inspector/promises"
    severity = "CRITICAL"
    priority = "HIGH"
    reference = "https://github.com/patriksimek/vm2/security/advisories/GHSA-rp36-8xq3-r6c4"
    cve = "CVE-2026-47140"
    yara_version = "YL2.0"
    rule_version = "1.0"

  events:
    // PROCESS_LAUNCH: target.process is the newly started process (the node
    // interpreter); principal.process is its parent. Match and join on target
    // so the path, command line and pid all refer to the same process.
    $proc.metadata.event_type = "PROCESS_LAUNCH"
    $proc.target.process.file.full_path = /node(\.exe)?$/
    (
      $proc.target.process.command_line = /vm2/ or
      $proc.target.process.command_line = /NodeVM/ or
      $proc.target.process.command_line = /new\s+VM\s*\(/
    )
    $proc.principal.asset.hostname = $hostname
    $proc.target.process.pid = $pid

    // NETWORK_CONNECTION: principal.process is the process that opened the socket.
    $net.metadata.event_type = "NETWORK_CONNECTION"
    $net.principal.asset.hostname = $hostname
    $net.principal.process.pid = $pid
    // PIDs are reused, so require the connection to follow the launch.
    $net.metadata.event_timestamp.seconds > $proc.metadata.event_timestamp.seconds
    // Excludes RFC 1918 and loopback only; link-local (169.254/16), CGNAT
    // (100.64/10) and IPv6 ranges are not excluded by this regex.
    not $net.target.ip = /^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.|127\.)/

  match:
    // Multi-event rules need a match section; the join key is host + pid.
    $hostname, $pid over 1h

  condition:
    $proc and $net
}

Severity: critical. Confidence: high.

Chronicle YARA-L rule correlating Node.js vm2 process launches with subsequent outbound network connections from the same process to public IPs, which indicates that code inside the sandbox reached the host process and called out.

Data Sources

  • Google Chronicle UDM
  • Chronicle Endpoint Telemetry
  • Chronicle Network Telemetry

Required Tables

  • process_launch
  • network_connection

False Positives & Tuning

  • Cloud-native Node.js applications using vm2 with legitimate external service dependencies
  • Development builds where vm2 tests run alongside external package fetching
  • Security research environments with controlled vm2 escape testing
  • Third-party SaaS integrations that use vm2 for plugin sandboxing with expected callbacks
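The correlation the rule above expresses, together with the allowlist-style tuning the false-positive list calls for, re-implemented in Python over constructed UDM-style events so the host+pid join, the time window and the private-IP check can be exercised offline. This is an added example, not df00tech's or Chronicle's code; the event dictionaries, hostnames, PIDs and IP addresses are all made up, and the field names only loosely mirror UDM. It also shows where the rule's regex and a real address classification disagree (link-local 169.254.169.254 passes the regex but is not a public address).

```python
"""Added example (not df00tech's or Chronicle's code): the YARA-L rule's
correlation re-implemented over constructed UDM-style events."""
import ipaddress
import re

# The rule's own private-range regex, copied so its verdict can be compared
# with a proper address classification.
RULE_PRIVATE_RE = re.compile(r"^(10\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.168\.|127\.)")
NODE_RE = re.compile(r"node(\.exe)?$")
VM2_RE = re.compile(r"vm2|NodeVM|new\s+VM\s*\(")


def rule_regex_says_private(ip: str) -> bool:
    """What the YARA-L regex alone concludes (prefix match on the string)."""
    return RULE_PRIVATE_RE.match(ip) is not None


def is_public(ip: str) -> bool:
    """Stricter check than the regex: link-local, CGNAT, loopback and IPv6
    private ranges are all non-public here. Unparseable strings are non-public."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False


def correlate(events, window_s=3600, allowlist=frozenset()):
    """Join node+vm2 PROCESS_LAUNCH events with later NETWORK_CONNECTION events
    from the same (hostname, pid) to a public, non-allowlisted IP.
    `allowlist` holds destinations the application is expected to call, the
    tuning case for SaaS plugin sandboxes with known callbacks."""
    launches = {}  # (hostname, pid) -> most recent qualifying launch event
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["hostname"], ev["pid"])
        if ev["type"] == "PROCESS_LAUNCH":
            if NODE_RE.search(ev["path"]) and VM2_RE.search(ev["cmdline"]):
                launches[key] = ev
        elif ev["type"] == "NETWORK_CONNECTION":
            launch = launches.get(key)
            if launch is None:
                continue  # no vm2 launch seen for this pid on this host
            # PIDs are reused: the launch must precede the connection and the
            # connection must fall inside the match window.
            if not 0 <= ev["ts"] - launch["ts"] <= window_s:
                continue
            if ev["dst_ip"] in allowlist or not is_public(ev["dst_ip"]):
                continue
            alerts.append((ev["hostname"], ev["pid"], ev["dst_ip"], launch["cmdline"]))
    return alerts


# Constructed sample telemetry (not real events); public IPs are arbitrary.
SAMPLE_EVENTS = [
    {"type": "PROCESS_LAUNCH", "hostname": "build-01", "pid": 4242, "ts": 1000,
     "path": "/usr/bin/node", "cmdline": "node /srv/app/worker.js --sandbox vm2"},
    # before the launch: earlier process with a reused pid, must not join
    {"type": "NETWORK_CONNECTION", "hostname": "build-01", "pid": 4242, "ts": 900, "dst_ip": "91.92.93.1"},
    {"type": "NETWORK_CONNECTION", "hostname": "build-01", "pid": 4242, "ts": 1030, "dst_ip": "91.92.93.94"},  # alert
    {"type": "NETWORK_CONNECTION", "hostname": "build-01", "pid": 4242, "ts": 1040, "dst_ip": "10.0.0.5"},  # RFC 1918
    {"type": "NETWORK_CONNECTION", "hostname": "build-01", "pid": 4242, "ts": 1050, "dst_ip": "169.254.169.254"},  # link-local
    {"type": "NETWORK_CONNECTION", "hostname": "build-01", "pid": 4242, "ts": 1060, "dst_ip": "91.92.93.50"},  # allowlisted
    {"type": "NETWORK_CONNECTION", "hostname": "build-01", "pid": 4242, "ts": 4700, "dst_ip": "91.92.93.99"},  # outside window
    {"type": "PROCESS_LAUNCH", "hostname": "ci-02", "pid": 777, "ts": 1010,
     "path": "/usr/bin/node", "cmdline": "node /srv/ci/lint.js"},  # node without vm2
    {"type": "NETWORK_CONNECTION", "hostname": "ci-02", "pid": 777, "ts": 1070, "dst_ip": "51.52.53.54"},  # no vm2 launch
]

# Hypothetical expected SaaS callback destination used for tuning.
EXPECTED_CALLBACKS = frozenset({"91.92.93.50"})


def run_sample():
    """Returns the alerts the sample produces: exactly one, for 91.92.93.94."""
    return correlate(SAMPLE_EVENTS, window_s=3600, allowlist=EXPECTED_CALLBACKS)


if __name__ == "__main__":
    for alert in run_sample():
        print("ALERT host=%s pid=%d dst=%s cmdline=%r" % alert)
```

Only the connection to 91.92.93.94 survives: the pre-launch connection is dropped by the ordering check, 10.0.0.5 and 169.254.169.254 are non-public, 91.92.93.50 is allowlisted, 91.92.93.99 is outside the window, and ci-02's node process never loaded vm2. Note that the rule's regex alone would have let 169.254.169.254 through, so if the deployment exposes a cloud metadata endpoint you should decide deliberately whether that destination is noise or a signal worth keeping.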

Testing Methodology

Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1: vm2 Sandbox Escape via inspector/promises — Host Code Execution

    Expected signal: Sysmon/auditd will log (1) a node process launch with vm2 in the path or arguments, (2) a file creation event at /tmp/vm2_escape_poc.txt by the node process, and (3) a child process or execSync call spawning sh/bash from within node.

  2. Test 2: vm2 Escape with Outbound Network Callback (Simulated C2 Beacon)

    Expected signal: Network flow logs will show an outbound HTTP connection to example.com originating from the node process PID. EDR should capture the network connect event and correlate it to the node process with vm2 in its command line.

  3. Test 3: vm2 Escape via process.binding — Enumerate Host Environment Secrets

    Expected signal: File write event at /tmp/vm2_env_harvest.json attributed to the node process, and a process event showing node with vm2-related arguments. Reading process.env is an in-process operation with no syscall behind it, so EDR will generally not observe the enumeration itself; the file write is the reliable signal.

Unlock Pro Content

Get the full detection package for CVE-2026-47140 including response playbook, investigation guide, and atomic red team tests.

  • Response Playbook
  • Investigation Guide
  • Hunting Queries
  • Atomic Red Team Tests
  • Tuning Guidance