Detect CVE-2026-47208: vm2 Sandbox Breakout via Promise Species in Google Chronicle
Detects exploitation of CVE-2026-47208, a critical sandbox escape vulnerability in the vm2 Node.js library (versions <= 3.11.3). Attackers can abuse the Promise species pattern to break out of the vm2 sandbox and execute arbitrary code on the host. This vulnerability has a CVSS score of 10.0 and a public PoC is available.
MITRE ATT&CK
YARA-L Detection Query
rule cve_2026_47208_vm2_sandbox_escape {
meta:
author = "df00tech Detection Engineering"
description = "Detects CVE-2026-47208 vm2 sandbox breakout via Promise species manipulation"
severity = "CRITICAL"
priority = "HIGH"
reference = "https://github.com/advisories/GHSA-76w7-j9cq-rx2j"
mitre_attack = "T1059.007, T1203, T1068"
events:
$node_proc.metadata.event_type = "PROCESS_LAUNCH"
$node_proc.principal.process.file.full_path = /node(\.exe)?$/i
(
$node_proc.target.process.command_line = /vm2/i or
$node_proc.target.process.command_line = /Symbol\.species/i or
$node_proc.target.process.command_line = /__proto__/i
)
$child_proc.metadata.event_type = "PROCESS_LAUNCH"
$child_proc.principal.process.file.full_path = /node(\.exe)?$/i
$child_proc.target.process.file.full_path = /(sh|bash|dash|cmd\.exe|powershell\.exe|python[23]?|curl|wget|perl|ruby)$/i
$node_proc.principal.hostname = $child_proc.principal.hostname
match:
$node_proc.principal.hostname over 5m
outcome:
$risk_score = max(95)
$target_cmd = array_distinct($child_proc.target.process.command_line)
condition:
$node_proc and $child_proc
}Chronicle YARA-L rule detecting vm2 sandbox escape. Correlates Node.js processes with Promise-species manipulation arguments against subsequent unexpected child process launches on the same host.
Data Sources
Required Tables
False Positives & Tuning
- Node.js applications that intentionally use vm2 and separately spawn child processes for legitimate operations
- DevOps tooling using vm2 sandboxing as part of a pipeline that also executes shell commands
- Orchestration systems running Node.js workers that spawn subprocesses as part of job execution
- Testing frameworks that run vm2-based code and shell assertions in sequence
Other platforms for CVE-2026-47208
Testing Methodology
Validate this detection against 3 adversary techniques from Atomic Red Team. Each test below lists the behaviour to exercise and the telemetry you should expect to see. Executable commands and cleanup steps are available with Pro.
- Test 1vm2 Promise Species Sandbox Escape - Basic PoC
Expected signal: EDR should record: node process executing with command line containing vm2 and Promise/species keywords; file write event to /tmp/vm2_escape_proof.txt from the node process.
- Test 2vm2 Sandbox Escape with Child Process Spawn
Expected signal: EDR process tree: node.exe spawning bash as child process. Sysmon Event ID 1 or auditd EXECVE records showing parent process as node and child as bash with the -c flag.
- Test 3Vulnerable vm2 Version Inventory Check
Expected signal: File read events for package.json files under node_modules/vm2/ paths. The find command execution and subsequent node invocations should appear in process telemetry.
References (5)
- https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j
- https://github.com/patriksimek/vm2/commit/a462655009669c3124ee39498121651597529ea8
- https://github.com/patriksimek/vm2/releases/tag/v3.11.4
- https://nvd.nist.gov/vuln/detail/CVE-2026-47208
- https://github.com/advisories/GHSA-76w7-j9cq-rx2j
Unlock Pro Content
Get the full detection package for CVE-2026-47208 including response playbook, investigation guide, and atomic red team tests.