CVE-2026-47208

CVE-2026-47208: vm2 Sandbox Breakout via Promise Species

Execution Privilege Escalation Lateral Movement Last updated:

Detects exploitation of CVE-2026-47208, a critical sandbox escape vulnerability in the vm2 Node.js library (versions <= 3.11.3). Attackers can abuse the Promise species pattern to break out of the vm2 sandbox and execute arbitrary code on the host. This vulnerability has a CVSS score of 10.0 and a public PoC is available.

Vulnerability Intelligence

Public PoC

Affected Software

Vendor
npm
Product
vm2
Versions
<= 3.11.3

Weakness (CWE)

CWE-913

Timeline

Disclosed
May 29, 2026

CVSS

10.0
Critical (9.0–10)
Write-up coming soon

What is CVE-2026-47208 CVE-2026-47208: vm2 Sandbox Breakout via Promise Species?

CVE-2026-47208: vm2 Sandbox Breakout via Promise Species (CVE-2026-47208) maps to the Execution and Privilege Escalation and Lateral Movement tactics — the adversary is trying to run malicious code in MITRE ATT&CK.

This page provides production-ready detection logic for CVE-2026-47208: vm2 Sandbox Breakout via Promise Species, covering the data sources and telemetry it touches: Microsoft Defender for Endpoint, Microsoft Sentinel. The queries below are rated critical severity at medium confidence, and ship for 7 SIEM platforms — KQL, SPL, Elastic, QRadar, Sumo, YARA-L, LogScale.

MITRE ATT&CK

Tactic
Execution Privilege Escalation Lateral Movement
Microsoft Sentinel / Defender
kusto 
let vm2SandboxEscape = DeviceProcessEvents
| where Timestamp > ago(24h)
| where FileName in~ ("node", "node.exe")
| where ProcessCommandLine has_any ("vm2", "VM2")
| where ProcessCommandLine has_any ("Promise", "species", "Symbol.species", "__proto__", "constructor")
| project Timestamp, DeviceName, AccountName, ProcessId, FileName, ProcessCommandLine, InitiatingProcessFileName, InitiatingProcessCommandLine;
let suspiciousChildProcs = DeviceProcessEvents
| where Timestamp > ago(24h)
| where InitiatingProcessFileName in~ ("node", "node.exe")
| where FileName in~ ("sh", "bash", "cmd.exe", "powershell.exe", "python", "python3", "perl", "ruby", "curl", "wget")
| project Timestamp, DeviceName, AccountName, ProcessId, FileName, ProcessCommandLine, InitiatingProcessFileName, InitiatingProcessId;
let npm2VulnPackage = DeviceFileEvents
| where Timestamp > ago(24h)
| where FileName =~ "package.json"
| where FolderPath has "vm2"
| project Timestamp, DeviceName, FolderPath, FileName;
vm2SandboxEscape
| union suspiciousChildProcs
| union npm2VulnPackage
| sort by Timestamp desc

Detects vm2 sandbox breakout attempts by correlating Node.js process executions with Promise/species-related arguments, unexpected child process spawns from Node.js, and presence of vm2 package files.

critical severity medium confidence

Data Sources

Microsoft Defender for Endpoint Microsoft Sentinel

Required Tables

DeviceProcessEvents DeviceFileEvents

False Positives

  • Legitimate Node.js applications using vm2 for sandboxing with Promise-based code patterns
  • Security researchers testing vm2 in authorized lab environments
  • Automated package auditing tools scanning vm2 installations
  • CI/CD pipelines running Node.js test suites that exercise Promise functionality

Sigma rule & cross-platform mapping

The detection logic for CVE-2026-47208: vm2 Sandbox Breakout via Promise Species (CVE-2026-47208) above is provided in a vendor-neutral form so you can deploy it on any SIEM. The same logic is shipped here as native KQL (Microsoft Sentinel / Defender), SPL (Splunk), Elastic (Elastic Security (EQL)), QRadar (IBM QRadar (AQL)), Sumo (Sumo Logic CSE), YARA-L (Google Chronicle / SecOps), LogScale (CrowdStrike LogScale (CQL)) queries. In Sigma terms, this detection targets the following logsource: 

logsource:
  category: process_creation
  product: windows

Browse the community-maintained Sigma rules for this technique:

SigmaHQ rules for CVE-2026-47208 Sigma rules on detection.fyi

Platform-specific guides for CVE-2026-47208

Detect in Microsoft Sentinel (KQL) Detect in Splunk (SPL) Detect in Elastic Security (Elastic) Detect in IBM QRadar (QRadar) Detect in Sumo Logic CSE (Sumo) Detect in Google Chronicle (YARA-L) Detect in CrowdStrike LogScale (LogScale)
Last updated: 2026-06-20 Research depth: standard
References (5)

Testing Methodology

Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.

  1. Test 1vm2 Promise Species Sandbox Escape - Basic PoC

    Expected signal: EDR should record: node process executing with command line containing vm2 and Promise/species keywords; file write event to /tmp/vm2_escape_proof.txt from the node process.

  2. Test 2vm2 Sandbox Escape with Child Process Spawn

    Expected signal: EDR process tree: node.exe spawning bash as child process. Sysmon Event ID 1 or auditd EXECVE records showing parent process as node and child as bash with the -c flag.

  3. Test 3Vulnerable vm2 Version Inventory Check

    Expected signal: File read events for package.json files under node_modules/vm2/ paths. The find command execution and subsequent node invocations should appear in process telemetry.

Unlock Pro Content

Get the full detection package for CVE-2026-47208 including response playbook, investigation guide, and atomic red team tests.

Response PlaybookInvestigation GuideHunting QueriesAtomic Red Team TestsTuning Guidance
Sign Up for Pro View Pricing

Related Detections

Tactic Hubs

TA0002ExecutionTA0004Privilege EscalationTA0008Lateral Movement

Related Techniques

T1059.007JavaScriptT1203Exploitation for Client ExecutionT1068Exploitation for Privilege Escalation

Same Tactic: Execution

Popular Detections